]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1ffb96f) | patch
[v9_9] DDoS mitigation features
authorEvan Hunt <each@isc.org>
Thu, 9 Jul 2015 06:00:58 +0000 (23:00 -0700)
committerEvan Hunt <each@isc.org>
Thu, 9 Jul 2015 06:00:58 +0000 (23:00 -0700)
commitea36796f8222281f28aba9fc67428c03d043d244
treec771dd5d6d5141a00dc298ead7c973d4b5b7f9edtree | snapshot
parent1ffb96f3dd9137b0a2ea67452004ca150e55ce50commit | diff
[v9_9] DDoS mitigation features

3938. [func] Added quotas to be used in recursive resolvers
that are under high query load for names in zones
whose authoritative servers are nonresponsive or
are experiencing a denial of service attack.

- "fetches-per-server" limits the number of
  simultaneous queries that can be sent to any
  single authoritative server.  The configured
  value is a starting point; it is automatically
  adjusted downward if the server is partially or
  completely non-responsive. The algorithm used to
  adjust the quota can be configured via the
  "fetch-quota-params" option.
- "fetches-per-zone" limits the number of
  simultaneous queries that can be sent for names
  within a single domain.  (Note: Unlike
  "fetches-per-server", this value is not
  self-tuning.)
- New stats counters have been added to count
  queries spilled due to these quotas.

These options are not available by default;
use "configure --enable-fetchlimit" (or
--enable-developer) to include them in the build.

See the ARM for details of these options. [RT #37125]
61 files changed:
CHANGES diff | blob | blame | history
bin/named/client.c diff | blob | blame | history
bin/named/config.c diff | blob | blame | history
bin/named/include/named/server.h diff | blob | blame | history
bin/named/server.c diff | blob | blame | history
bin/named/statschannel.c diff | blob | blame | history
bin/rndc/rndc.c diff | blob | blame | history
bin/rndc/rndc.docbook diff | blob | blame | history
bin/tests/system/Makefile.in diff | blob | blame | history
bin/tests/system/conf.sh.in diff | blob | blame | history
bin/tests/system/ditch.pl [new file with mode: 0644] blob
bin/tests/system/dlzexternal/driver.c diff | blob | blame | history
bin/tests/system/fetchlimit/Makefile.in [new file with mode: 0644] blob
bin/tests/system/fetchlimit/ans4/ans.pl [new file with mode: 0644] blob
bin/tests/system/fetchlimit/clean.sh [new file with mode: 0644] blob
bin/tests/system/fetchlimit/fetchlimit.c [new file with mode: 0644] blob
bin/tests/system/fetchlimit/lameserver/ans4/ans.pl [new file with mode: 0644] blob
bin/tests/system/fetchlimit/lameserver/clean.sh [new file with mode: 0644] blob
bin/tests/system/fetchlimit/lameserver/ns1/named.conf [new file with mode: 0644] blob
bin/tests/system/fetchlimit/lameserver/ns1/root.db [new file with mode: 0644] blob
bin/tests/system/fetchlimit/lameserver/ns2/example.db [new file with mode: 0644] blob
bin/tests/system/fetchlimit/lameserver/ns2/named.conf [new file with mode: 0644] blob
bin/tests/system/fetchlimit/lameserver/ns3/named1.conf [new file with mode: 0644] blob
bin/tests/system/fetchlimit/lameserver/ns3/named2.conf [new file with mode: 0644] blob
bin/tests/system/fetchlimit/lameserver/ns3/named3.conf [new file with mode: 0644] blob
bin/tests/system/fetchlimit/lameserver/ns3/root.hint [new file with mode: 0644] blob
bin/tests/system/fetchlimit/lameserver/setup.sh [new file with mode: 0644] blob
bin/tests/system/fetchlimit/lameserver/tests.sh [new file with mode: 0644] blob
bin/tests/system/fetchlimit/ns1/named.conf [new file with mode: 0644] blob
bin/tests/system/fetchlimit/ns1/root.db [new file with mode: 0644] blob
bin/tests/system/fetchlimit/ns2/example.db [new file with mode: 0644] blob
bin/tests/system/fetchlimit/ns2/named.conf [new file with mode: 0644] blob
bin/tests/system/fetchlimit/ns3/named.args [new file with mode: 0644] blob
bin/tests/system/fetchlimit/ns3/named1.conf [new file with mode: 0644] blob
bin/tests/system/fetchlimit/ns3/named2.conf [new file with mode: 0644] blob
bin/tests/system/fetchlimit/ns3/named3.conf [new file with mode: 0644] blob
bin/tests/system/fetchlimit/ns3/root.hint [new file with mode: 0644] blob
bin/tests/system/fetchlimit/prereq.sh [new file with mode: 0644] blob
bin/tests/system/fetchlimit/setup.sh [new file with mode: 0644] blob
bin/tests/system/fetchlimit/tests.sh [new file with mode: 0644] blob
bin/tests/system/resolver/tests.sh diff | blob | blame | history
config.h.in diff | blob | blame | history
configure diff | blob | blame | history
configure.in diff | blob | blame | history
doc/arm/Bv9ARM-book.xml diff | blob | blame | history
doc/arm/notes.xml diff | blob | blame | history
lib/dns/adb.c diff | blob | blame | history
lib/dns/include/dns/adb.h diff | blob | blame | history
lib/dns/include/dns/log.h diff | blob | blame | history
lib/dns/include/dns/resolver.h diff | blob | blame | history
lib/dns/include/dns/stats.h diff | blob | blame | history
lib/dns/log.c diff | blob | blame | history
lib/dns/resolver.c diff | blob | blame | history
lib/dns/view.c diff | blob | blame | history
lib/dns/win32/libdns.def.in diff | blob | blame | history
lib/isc/include/isc/util.h diff | blob | blame | history
lib/isccfg/include/isccfg/cfg.h diff | blob | blame | history
lib/isccfg/include/isccfg/grammar.h diff | blob | blame | history
lib/isccfg/namedconf.c diff | blob | blame | history
lib/isccfg/parser.c diff | blob | blame | history
lib/isccfg/win32/libisccfg.def diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git