--On 30 November 2020 at 08:53:27 -0600 Lyle Giese <l...@lcrcomputer.net> wrote:

> Be careful 'rejecting' these outright. These queries are UDP
> traffic (not TCP) and the source address is easily forged. RRL is the
> correct way to limit these.

So, as the original person that posted the question :)
My question still stands (I'd never presumed this was valid traffic) - what
I'm trying to find out is whether, buried within the trove of stats produced
by 'rndc stats', there is any counter that counts:
"
Nov 30 00:00:00 client @0xXXXXX X.X.X.X#48536 (.): query (cache) './ANY/IN' denied
"
i.e. 'Denied' queries. I can see stats for pretty much everything, e.g.
Queried, notified, all the different record types - there's a block in the
stats file of:
"
749045 queries resulted in nxrrset
45 queries resulted in SERVFAIL
15291 queries resulted in NXDOMAIN
"
But I was expecting to see something like:
34343 queries resulted in DENIED
But I can't see it - or anything that's really applicable?
And, as everyone else is talking about RRL - is there a stat that would
appear for that, e.g.
234829 queries resulted in RATELIMIT
Or similar?
Currently we're just trying to easily graph the DENIED queries to see how
much of the total traffic it is.
-Karl
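
Added example, not part of the original message: whatever the stats file offers, the denied queries can be counted for graphing straight from log lines in the format quoted above. The regular expression assumes one log entry per line in exactly that format; the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Matches the "query (cache) '<name>/<type>/<class>' denied" line quoted in
# the message. Assumption: syslog-style timestamp, one entry per line.
DENIED_RE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+\s+\d\d:\d\d):\d\d\s+"   # bucket by minute
    r".*?client\s+(?:@0x[0-9a-fA-F]+\s+)?"            # optional client object id
    r"(?P<ip>[0-9a-fA-F.:]+)#\d+\s+\([^)]*\):\s+"     # source address#port (name)
    r"query\s+\(cache\)\s+"
    r"'(?P<qname>[^']*)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)'\s+denied\s*$"
)

def summarize_denied(lines):
    """Count denied queries per minute, per query type and per claimed source."""
    per_minute, per_qtype, per_source = Counter(), Counter(), Counter()
    for line in lines:
        m = DENIED_RE.match(line.strip())
        if m is None:
            continue  # not a denied-query line (answered query, other log message)
        per_minute[m["minute"]] += 1
        per_qtype[m["qtype"]] += 1
        # UDP source addresses are easily forged (see the quoted reply), so this
        # is the claimed source, useful for graphing rather than attribution.
        per_source[m["ip"]] += 1
    return {
        "denied": sum(per_minute.values()),
        "per_minute": dict(per_minute),
        "per_qtype": dict(per_qtype),
        "per_source": dict(per_source),
    }

# Constructed sample input; addresses are from documentation ranges.
SAMPLE = """\
Nov 30 00:00:00 client @0x7f00aa 192.0.2.10#48536 (.): query (cache) './ANY/IN' denied
Nov 30 00:00:01 client @0x7f00ab 192.0.2.10#48537 (.): query (cache) './ANY/IN' denied
Nov 30 00:00:30 client @0x7f00ac 198.51.100.7#5353 (example.com): query: example.com IN A +E(0) (203.0.113.1)
Nov 30 00:01:02 client @0x7f00ad 2001:db8::1#40000 (example.org): query (cache) 'example.org/A/IN' denied
Nov 30 00:01:05 client @0x7f00ae 198.51.100.7#1234 (.): query (cache) './NS/IN' denied
""".splitlines()

if __name__ == "__main__":
    summary = summarize_denied(SAMPLE)
    for minute, count in sorted(summary["per_minute"].items()):
        print(f"{minute}  denied={count}")
    print("by type:", summary["per_qtype"])
```

The per-minute counts can be fed to whatever already graphs the other 'rndc stats' values.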