erldns_query_throttle (erldns v10.5.3)

View Source

Stateful query throttling. Currently only throttles ANY queries.

We should throttle ANY and RRSIG queries to discourage use of our authoritative name servers for reflection/amplification attacks.

Configuration

{erldns, [
    {query_throttle, #{
        enabled := boolean(), %% defaults to true
        limit := non_neg_integer(), %% Number of queries to allow, defaults to 1
        ttl := non_neg_integer(), %% Seconds, defaults to 30
    }}
]}

Telemetry events

[erldns, pipeline, throttle]

Emitted when the query throttle pipe stops the request (e.g. UDP client over limit); response is truncated.

  • Measurements: #{count => non_neg_integer()} — request count that triggered throttle
  • Metadata: #{transport => udp, host => host()}

Summary

Functions

call/2

erldns_pipeline:call/2 callback.

clear()

Clear the cache

prepare(Opts)

erldns_pipeline:prepare/1 callback.

Functions

call/2

-spec call(dns:message(), erldns_pipeline:opts()) -> erldns_pipeline:return().

erldns_pipeline:call/2 callback.

clear()

-spec clear() -> true.

Clear the cache

prepare(Opts)

-spec prepare(erldns_pipeline:opts()) -> disabled | erldns_pipeline:opts().

erldns_pipeline:prepare/1 callback.