From: Remi Gacogne Date: Thu, 21 Mar 2024 08:11:04 +0000 (+0100) Subject: dnsdist: Document that cache hits go into the ring buffer since 1.8.0 X-Git-Tag: rec-5.1.0-alpha1~99^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0c0b683f0852d4b86f968ac3164d36de12bd77f9;p=thirdparty%2Fpdns.git dnsdist: Document that cache hits go into the ring buffer since 1.8.0 And the effects it has on Dynamic Blocks. --- diff --git a/pdns/dnsdistdist/docs/guides/dynblocks.rst b/pdns/dnsdistdist/docs/guides/dynblocks.rst index c987b0c69f..a64ae177fd 100644 --- a/pdns/dnsdistdist/docs/guides/dynblocks.rst +++ b/pdns/dnsdistdist/docs/guides/dynblocks.rst @@ -50,7 +50,7 @@ Please see the documentation for :func:`setDynBlocksAction` to confirm which act DynBlockRulesGroup ------------------ -Starting with dnsdist 1.3.0, a new :ref:`dynBlockRulesGroup` function can be used to return a `DynBlockRulesGroup` instance, +Starting with dnsdist 1.3.0, a new :func:`dynBlockRulesGroup` function can be used to return a :class:`DynBlockRulesGroup` instance, designed to make the processing of multiple rate-limiting rules faster by walking the query and response buffers only once for each invocation, instead of once per existing `exceed*()` invocation. diff --git a/pdns/dnsdistdist/docs/reference/config.rst b/pdns/dnsdistdist/docs/reference/config.rst index 84a164282b..072ade479d 100644 --- a/pdns/dnsdistdist/docs/reference/config.rst +++ b/pdns/dnsdistdist/docs/reference/config.rst @@ -1727,6 +1727,9 @@ faster than the existing rules. .. method:: DynBlockRulesGroup:setRCodeRate(rcode, rate, seconds, reason, blockingTime [, action [, warningRate]]) + .. note:: + Cache hits are inserted into the in-memory ring buffers since 1.8.0, so they are now considered when computing the rcode rate. + Adds a rate-limiting rule for responses of code ``rcode``, equivalent to: ``` addDynBlocks(exceedServfails(rcode, rate, seconds), reason, blockingTime, action) 
@@ -1744,6 +1747,9 @@ faster than the existing rules. .. versionadded:: 1.5.0 + .. note:: + Cache hits are inserted into the in-memory ring buffers since 1.8.0, so they are now considered when computing the rcode ratio. + Adds a rate-limiting rule for the ratio of responses of code ``rcode`` over the total number of responses for a given client. :param int rcode: The response code @@ -1772,6 +1778,9 @@ faster than the existing rules. .. method:: DynBlockRulesGroup:setResponseByteRate(rate, seconds, reason, blockingTime [, action [, warningRate]]) + .. note:: + Cache hits are inserted into the in-memory ring buffers since 1.8.0, so they are now considered when computing the bandwidth rate. + Adds a bandwidth rate-limiting rule for responses, equivalent to: ``` addDynBlocks(exceedRespByterate(rate, seconds), reason, blockingTime, action) diff --git a/pdns/dnsdistdist/docs/upgrade_guide.rst b/pdns/dnsdistdist/docs/upgrade_guide.rst index c4fb3ba763..7ea7c96383 100644 --- a/pdns/dnsdistdist/docs/upgrade_guide.rst +++ b/pdns/dnsdistdist/docs/upgrade_guide.rst @@ -29,6 +29,8 @@ Responses to AXFR and IXFR queries are no longer cached. Cache-hits are now counted as responses in our metrics. +Cache hits are now inserted into the in-memory ring buffers, while before 1.8.0 only cache misses were inserted. This has a very noticeable impact on :doc:`guides/dynblocks` since cache hits now considered when computing the rcode rates and ratios, as well as the response bandwidth rate. + The :func:`setMaxTCPConnectionsPerClient` limit is now properly applied to DNS over HTTPS connections, in addition to DNS over TCP and DNS over TLS ones. The configuration check will now fail if the configuration file does not exist. For this reason we now create a default configuration file, based on the file previously called ``dnsdistconf.lua``, which contains commented-out examples of how to set up dnsdist.
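Review bot: In the docs/guides/dynblocks.rst hunk, the unchanged line right after the edited one still writes `exceed*()` in single backticks, which reStructuredText treats as interpreted text in the default role rather than as an inline literal. Since this hunk already replaces the single-backtick `DynBlockRulesGroup` with a proper :class: role, it would be consistent to switch that one to double backticks in the same change. The commit message also does not mention this cross-reference fix, so a short line about it would help anyone reading the history.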
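Review bot: In the docs/reference/config.rst hunk for DynBlockRulesGroup:setRCodeRate, a behaviour change tied to a release is recorded as a generic ".. note::" with the wording "are now considered", which will read oddly once 1.8.0 is no longer recent. A ".. versionchanged:: 1.8.0" directive would fit better and would match the ".. versionadded:: 1.5.0" already used in the setRCodeRatio entry; the same applies to the identical notes added to setRCodeRatio and setResponseByteRate. The note is also placed before the "Adds a rate-limiting rule ..." description, so the reader meets the caveat before learning what the method does; moving it below the description would read more naturally.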
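Review bot: In the docs/reference/config.rst hunk for DynBlockRulesGroup:setResponseByteRate, the note is attached to the group method only, while the context line describes it as equivalent to addDynBlocks(exceedRespByterate(rate, seconds), ...), and the setRCodeRate entry likewise points at exceedServfails. If those standalone functions read the same ring buffers, their own reference entries need the same remark, and nothing in this patch touches them. Please either add it there or state in the note that it covers the equivalent exceed*() form as well.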
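Review bot: In the docs/upgrade_guide.rst hunk, the added sentence is missing a verb: "since cache hits now considered" should read "since cache hits are now considered". The added paragraph writes "Cache hits" while the context line directly above it writes "Cache-hits", so pick one spelling for both. Given that the text calls the impact "very noticeable", it would also be worth one more sentence telling operators what to do on upgrade, for instance to review the thresholds of their existing rcode rate, rcode ratio and response bandwidth rules, since more responses are now counted against them.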