[v9_10] DDoS mitigation features
3938. [func] Added quotas to be used in recursive resolvers that are under high query load for names in zones whose authoritative servers are nonresponsive or are experiencing a denial of service attack. - "fetches-per-server" limits the number of simultaneous queries that can be sent to any single authoritative server. The configured value is a starting point; it is automatically adjusted downward if the server is partially or completely non-responsive. The algorithm used to adjust the quota can be configured via the "fetch-quota-params" option. - "fetches-per-zone" limits the number of simultaneous queries that can be sent for names within a single domain. (Note: Unlike "fetches-per-server", this value is not self-tuning.) - New stats counters have been added to count queries spilled due to these quotas. These options are not available by default; use "configure --enable-fetchlimit" (or --enable-developer) to include them in the build. See the ARM for details of these options. [RT #37125]
This commit is contained in:
Evan Hunt
53
bin/tests/system/fetchlimit/Makefile.in
Normal file
53
bin/tests/system/fetchlimit/Makefile.in
Normal file
@@ -0,0 +1,53 @@
|
||||
# Copyright (C) 2010-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
#
|
||||
# Permission to use, copy, modify, and/or distribute this software for any
|
||||
# purpose with or without fee is hereby granted, provided that the above
|
||||
# copyright notice and this permission notice appear in all copies.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
||||
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
||||
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
||||
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
||||
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
||||
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
||||
# PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
srcdir = @srcdir@
|
||||
VPATH = @srcdir@
|
||||
top_srcdir = @top_srcdir@
|
||||
|
||||
@BIND9_VERSION@
|
||||
|
||||
@BIND9_MAKE_INCLUDES@
|
||||
|
||||
CINCLUDES = ${ISC_INCLUDES}
|
||||
|
||||
CDEFINES =
|
||||
CWARNINGS =
|
||||
|
||||
DNSLIBS =
|
||||
ISCLIBS = .
|
||||
|
||||
DNSDEPLIBS =
|
||||
ISCDEPLIBS =
|
||||
|
||||
DEPLIBS =
|
||||
|
||||
LIBS = @LIBS@
|
||||
|
||||
TARGETS = fetchlimit@EXEEXT@
|
||||
|
||||
FILTEROBJS = fetchlimit.@O@
|
||||
|
||||
SRCS = fetchlimit.c
|
||||
|
||||
@BIND9_MAKE_RULES@
|
||||
|
||||
all: fetchlimit@EXEEXT@
|
||||
|
||||
fetchlimit@EXEEXT@: ${FILTEROBJS}
|
||||
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${FILTEROBJS} ${LIBS}
|
||||
|
||||
clean distclean::
|
||||
rm -f ${TARGETS}
|
||||
|
||||
Reference in New Issue
Block a user