From: bert hubert Date: Sat, 2 Jan 2016 13:15:02 +0000 (+0100) Subject: document Advanced DNS Protection features for dnsdist X-Git-Tag: dnsdist-1.0.0-alpha2~132^2~1 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e35d713e8204d435b1aa209744ae160ad3012a2c;p=pdns document Advanced DNS Protection features for dnsdist --- diff --git a/pdns/README-dnsdist.md b/pdns/README-dnsdist.md index c05dcda23..17dd25084 100644 --- a/pdns/README-dnsdist.md +++ b/pdns/README-dnsdist.md @@ -827,6 +827,14 @@ instantiate a server with additional parameters * Answer changing functions: * `truncateTC(bool)`: if set (default) truncate TC=1 answers so they are actually empty. Fixes an issue for PowerDNS Authoritative Server 2.9.22. * `fixupCase(bool)`: if set (default to no), rewrite the first qname of the question part of the answer to match the one from the query. It is only useful when you have a downstream server that messes up the case of the question qname in the answer + * Dynamic Block related: + * `clearDynBlocks()`: clear all dynamic blocks + * `showDynBlocks()`: show dynamic blocks in force + * `addDynBlocks(addresses, message[, seconds])`: block the set of addresses with message `msg`, for `seconds` seconds (10 by default) + * `exceedServFails(rate, seconds)`: get set of addresses that exceed `rate` servails/s over `seconds` seconds + * `exceedNXDOMAINs(rate, seconds)`: get set of addresses that exceed `rate` NXDOMAIN/s over `seconds` seconds + * `exceedRespByterate(rate, seconds)`: get set of addresses that exeeded `rate` bytes/s answers over `seconds` seconds + * `exceedQTypeRate(type, rate, seconds)`: get set of address that exceed `rate` queries/s for queries of type `type` over `seconds` seconds * Advanced functions for writing your own policies and hooks * ComboAddress related: * `newCA(address)`: return a new ComboAddress