From: bert hubert Date: Thu, 14 Jan 2016 10:45:49 +0000 (+0100) Subject: implement & document exceedQRate(), plus populate dnsdist.* with dns types. X-Git-Tag: dnsdist-1.0.0-alpha2~79^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bac6e8fbaffc63d0a675b60c07d94c8aae292400;p=thirdparty%2Fpdns.git implement & document exceedQRate(), plus populate dnsdist.* with dns types. --- diff --git a/pdns/README-dnsdist.md b/pdns/README-dnsdist.md index e7c9711ce2..cfc2116b59 100644 --- a/pdns/README-dnsdist.md +++ b/pdns/README-dnsdist.md @@ -862,6 +862,7 @@ instantiate a server with additional parameters * `exceedServFails(rate, seconds)`: get set of addresses that exceed `rate` servails/s over `seconds` seconds * `exceedNXDOMAINs(rate, seconds)`: get set of addresses that exceed `rate` NXDOMAIN/s over `seconds` seconds * `exceedRespByterate(rate, seconds)`: get set of addresses that exeeded `rate` bytes/s answers over `seconds` seconds + * `exceedQRate(rate, seconds)`: get set of address that exceed `rate` queries/s over `seconds` seconds * `exceedQTypeRate(type, rate, seconds)`: get set of address that exceed `rate` queries/s for queries of type `type` over `seconds` seconds * Advanced functions for writing your own policies and hooks * ComboAddress related: diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc index 91df22529a..c8260f0637 100644 --- a/pdns/dnsdist-lua.cc +++ b/pdns/dnsdist-lua.cc @@ -132,6 +132,11 @@ vector> setupLua(bool client, const std::string& confi {"None",(int)DNSAction::Action::None}, {"Delay", (int)DNSAction::Action::Delay}} ); + + vector > dd; + for(const auto& n : QType::names) + dd.push_back({n.first, n.second}); + g_lua.writeVariable("dnsdist", dd); g_lua.writeFunction("newServer", [client](boost::variant pvars, boost::optional qps) diff --git a/pdns/dnsdist-lua2.cc b/pdns/dnsdist-lua2.cc index 94bdd1cc3f..0cf7095f73 100644 --- a/pdns/dnsdist-lua2.cc +++ b/pdns/dnsdist-lua2.cc 
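Review bot: The block in the dnsdist-lua.cc hunk that fills `dd` from `QType::names` and writes it to the Lua global `dnsdist` has no comment, and the README hunk of this commit documents only `exceedQRate`, so a configuration author cannot tell from here which `dnsdist.*` names exist. A one-line comment above the loop would help, for example `// expose every QType name under dnsdist.<NAME> for use in Lua configs (presumably as the type argument of exceedQTypeRate)`, along with a matching README entry. `writeVariable("dnsdist", dd)` replaces whatever the global held, so any earlier write to `dnsdist` in setupLua() would be lost; the function body extends beyond this hunk, so that cannot be confirmed from here.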
@@ -164,7 +164,8 @@ void moreLua() until.tv_sec += actualSeconds; for(const auto& capair : m) { unsigned int count = 0; - if(auto got = slow.lookup(Netmask(capair.first))) { + auto got = slow.lookup(Netmask(capair.first)); + if(got) { if(until < got->second.until) // had a longer policy continue; if(now < got->second.until) // don't inherit count on expired entry @@ -172,7 +173,8 @@ void moreLua() } DynBlock db{msg,until}; db.blocks=count; - warnlog("Inserting dynamic block for %s for %d seconds: %s", capair.first.toString(), actualSeconds, msg); + if(!got) + warnlog("Inserting dynamic block for %s for %d seconds: %s", capair.first.toString(), actualSeconds, msg); slow.insert(Netmask(capair.first)).second=db; } g_dynblockNMG.setState(slow); @@ -204,10 +206,16 @@ void moreLua() if(q.qtype==type) counts[q.requestor]++; }); + }); - + g_lua.writeFunction("exceedQRate", [](unsigned int rate, int seconds) { + setLuaNoSideEffect(); + return exceedQueryGen(rate, seconds, [](counts_t& counts, const Rings::Query& q) { + counts[q.requestor]++; + }); }); + g_lua.writeFunction("topBandwidth", [](boost::optional top_) { setLuaNoSideEffect(); auto top = top_.get_value_or(10); diff --git a/pdns/dnsdistconf.lua b/pdns/dnsdistconf.lua index dba9a8be91..ca2dd13411 100644 --- a/pdns/dnsdistconf.lua +++ b/pdns/dnsdistconf.lua @@ -97,4 +97,9 @@ function splitSetup(servers, remote, qname, qtype, dh) end end --- setServerPolicyLua("splitSetup", splitSetup) \ No newline at end of file +-- setServerPolicyLua("splitSetup", splitSetup) + +function maintenance() + addDynBlocks(exceedQRate(20, 10), "Exceeded query rate", 60) +end +
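Review bot: A re-block of an address whose earlier entry has already expired is no longer logged, because the `if(!got)` guard added in the `@@ -172` hunk of dnsdist-lua2.cc tests only whether the lookup returned something. The first hunk uses `now < got->second.until` as the test for a live entry, so expired entries can apparently still come back from `slow.lookup()`; whether they are purged elsewhere is not visible here. For operators who rely on this warning to see when a block starts, the condition would be better written as `if(!got || !(now < got->second.until))`. The enclosing loop and moreLua() both extend beyond these hunks.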
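Review bot: `seconds` reaches the new `exceedQRate` lambda from the Lua configuration as a signed `int` and is handed to `exceedQueryGen` unchecked, so the result for a zero or negative window depends entirely on that helper, which is outside this hunk. If the helper does not already reject such values, a guard at the top of the lambda such as `if(seconds <= 0) throw std::runtime_error("exceedQRate: seconds must be positive");` would make a misconfigured rule fail loudly rather than match nothing or everything. The counting lambda also deserves a short comment, e.g. `// count every query per source address, regardless of type; this lambda does not verify the address`, because the returned set is meant to be fed to a blocking call.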
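Review bot: The sample `maintenance()` appended to dnsdistconf.lua is live code, unlike the commented-out `setServerPolicyLua` line just above it, so anyone who copies this file gets a rule that blocks every source above 20 queries/s over 10 seconds for 60 seconds. Because the count is keyed on the source address (`counts[q.requestor]++` in dnsdist-lua2.cc), a busy forwarder or NAT gateway would be blocked as a whole. Either comment the function out like the line above it, or add a comment such as `-- example only: tune rate, window and block duration to your traffic before enabling`. Whether dnsdist calls `maintenance()` automatically is not visible in this diff.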