
Classic dynamic rules

To keep the configuration as simple as possible, Defender provides the ability to set all the dynamic rules supported by DNSdist from the Defender configuration file.

QType rate

This module implements DNSdist's DynBlockRulesGroup:setQTypeRate().

---
- type: qtype-rate
  qtype: AAAA
  rate: 2
  seconds: 2
  comment: "QType rate exceeded"
  action: refused
  action_duration: 60

Please refer to the QType Rate reference for the complete description of the settings.

Query rate

This module implements DNSdist's DynBlockRulesGroup:setQueryRate().

---
- type: query-rate
  rate: 2
  seconds: 2
  comment: "Query rate exceeded"
  action: refused
  action_duration: 60

Please refer to the Query Rate reference for the complete description of the settings.

RCode rate

This module implements DNSdist's DynBlockRulesGroup:setRCodeRate().

---
- type: rcode-rate
  rcode: ServFail
  rate: 2
  seconds: 2
  comment: "Too many ServFails"
  action: drop
  action_duration: 60

Please refer to the RCode Rate reference for the complete description of the settings.

RCode ratio

This module implements DNSdist's DynBlockRulesGroup:setRCodeRatio().

---
- type: rcode-ratio
  rcode: ServFail
  ratio: 0.5
  seconds: 2
  comment: "ServFail ratio is too high"
  action: truncate
  action_duration: 60
  minimum_number_of_responses: 10

Please refer to the RCode Ratio reference for the complete description of the settings.
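
The following is an added illustration, not Defender or DNSdist code: a simplified Python model of how the rcode-rate and rcode-ratio rules above judge the same traffic, using the rate, seconds, ratio and minimum_number_of_responses values from this page. It assumes a rule triggers when the matching count is strictly above rate × seconds (or ratio × total responses); the response tuples, client addresses and helper names are constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class RateRule:
    """Models the rcode-rate example: rate 2 averaged over 2 seconds."""
    rate: float
    seconds: int

    def exceeded(self, matching: int, total: int) -> bool:
        # Assumption: the rule fires when the count is above rate * seconds.
        return matching > self.rate * self.seconds


@dataclass
class RatioRule:
    """Models the rcode-ratio example: ratio 0.5, at least 10 responses."""
    ratio: float
    seconds: int
    minimum_number_of_responses: int

    def exceeded(self, matching: int, total: int) -> bool:
        # Too few responses: the ratio is not meaningful, never block.
        if total < self.minimum_number_of_responses:
            return False
        return matching > self.ratio * total


def clients_to_block(responses, rule, rcode, now):
    """Return the sorted clients whose last rule.seconds of traffic trip the rule."""
    total, matching = Counter(), Counter()
    for ts, client, code in responses:
        if now - rule.seconds < ts <= now:
            total[client] += 1
            matching[client] += (code == rcode)
    return sorted(c for c in total if rule.exceeded(matching[c], total[c]))


def burst(client, servfail, noerror, ts=99.5):
    """Build constructed (timestamp, client, rcode) response tuples."""
    return [(ts, client, "ServFail")] * servfail + [(ts, client, "NoError")] * noerror


# Constructed sample traffic, evaluated at now=100 with a 2 second window.
SAMPLE = (
    burst("192.0.2.10", 5, 0)              # all ServFail, but only 5 responses
    + burst("192.0.2.20", 7, 5)            # 7 of 12 responses are ServFail
    + burst("192.0.2.30", 3, 17)           # mostly healthy responses
    + burst("192.0.2.30", 9, 0, ts=90.0)   # old ServFails, outside the window
)
```

In this model the rate rule flags 192.0.2.10 on five ServFails alone, while the ratio rule ignores it because fewer than minimum_number_of_responses responses were seen.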