Sophie

Sophie

distrib > Mageia > 1 > i586 > by-pkgid > b24f4357c8479344be16703c233650c5 > files > 68

pdns-2.9.22-9.mga1.i586.rpm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>Details</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="PowerDNS manual"
HREF="index.html"><LINK
REL="UP"
TITLE="PowerDNS resolver/recursing nameserver"
HREF="built-in-recursor.html"><LINK
REL="PREVIOUS"
TITLE="PowerDNS Recursor performance"
HREF="recursor-performance.html"><LINK
REL="NEXT"
TITLE="Statistics"
HREF="recursor-stats.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>PowerDNS manual</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="recursor-performance.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 12. PowerDNS resolver/recursing nameserver</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="recursor-stats.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="RECURSOR-DETAILS"
>12.4. Details</A
></H1
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="ANTI-SPOOFING"
>12.4.1. Anti-spoofing</A
></H2
><P
>	  The PowerDNS recursor 3.0 uses a fresh UDP source port for each outgoing query, making spoofing around 64000 times harder. This 
	  raises the bar from 'easily doable given some time' to 'very hard'. Under some circimstances, 'some time' has been measured at 2 seconds. 
	  This technique was first used by <TT
CLASS="FILENAME"
>dnscache</TT
> by Dan J. Bernstein.
	</P
><P
>	  In addition, PowerDNS detects when it is being sent too many unexpected answers, and mistrusts a proper answer if found within
	  a clutch of unexpected ones.
	</P
><P
>	  This behaviour can be tuned using the <B
CLASS="COMMAND"
>spoof-nearmiss-max</B
>.
	</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3426"
>12.4.2. Throttling</A
></H2
><P
>	  PowerDNS implements a very simple but effective nameserver. Care has been taken not to overload remote servers in case
	  of overly active clients.
	</P
><P
>	  This is implemented using the 'throttle'. This accounts all recent traffic and prevents queries that have been sent out
	  recently from going out again.
	</P
><P
>	  There are three levels of throttling.
	  <P
></P
><UL
><LI
><P
>		If a remote server indicates that it is lame for a zone, the exact question won't
		be repeated in the next 60 seconds.
	      </P
></LI
><LI
><P
>		After 4 ServFail responses in 60 seconds, the query gets throttled too.
	      </P
></LI
><LI
><P
>		5 timeouts in 20 seconds also lead to query suppression.
	      </P
></LI
></UL
>
	</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="recursor-performance.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="recursor-stats.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>PowerDNS Recursor performance</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="built-in-recursor.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Statistics</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional