Pull request 187: 6368-ratelimit-subnet-len
Squashed commit of the following:

commit 0dbe30782be1069d43d3f615a286325bc72f75a3
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date: Thu Nov 9 14:22:31 2023 +0300

    Configuration: fix typo

commit 53c94724f7d6178c15dc699b0de631edb5ebb064
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date: Wed Nov 8 17:51:57 2023 +0300

    Configuration: imp docs

commit 2f0dbdad69a4c571cc4dba53ce87d5dcecc55b40
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date: Tue Nov 7 20:23:36 2023 +0300

    Configuration: ratelimit subnet len
parent a3c6e0cecd
commit 3081c32be0
@ -467,9 +467,20 @@ Settings are stored in [YAML format](https://en.wikipedia.org/wiki/YAML), possib
- **Before v0.107.24** query log settings were part of the `dns` object.
**Since v0.107.24** query log settings are part of `querylog` object.
- **Anti-DNS amplification features**
- `ratelimit` — DDoS protection, specifies in how many packets per second a client should receive. Anything above that is silently dropped. To disable set 0, default is 20. Safe to disable if DNS server is not available from internet.
- `ratelimit_whitelist` — If you want exclude some IP addresses from ratelimiting but keep ratelimiting on for others, put them here.
- `refuse_any` — Another DDoS protection mechanism. Requests of type ANY are rarely needed, so refusing to serve them mitigates against attackers trying to use your DNS as a reflection. Safe to disable if DNS server is not available from internet.
- `ratelimit`: DDoS protection, specifies how many queries per second
AdGuard Home should handle. Anything above that is silently dropped. To
disable set to `0`, default is `20`. Safe to disable if DNS server is not
available from internet.
- `ratelimit_subnet_len_ipv4`: Subnet length for IPv4 addresses used for
rate limiting requests. Default is `24`.
- `ratelimit_subnet_len_ipv6`: Subnet length for IPv6 addresses used for
rate limiting requests. Default is `56`.
- `ratelimit_whitelist`: If you want exclude some IP addresses from
ratelimiting but keep ratelimiting on for others, put them here.
- `refuse_any`: Another DDoS protection mechanism. Requests of type `ANY`
are rarely needed, so refusing to serve them mitigates against attackers
trying to use your DNS as a reflection. Safe to disable if DNS server is
not available from internet.
- **Upstream DNS servers settings:**
- `upstream_dns`: List of upstream DNS servers.
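Review bot: the reworded `ratelimit` entry ("how many queries per second AdGuard Home should handle") reads as a server-wide cap, whereas the old text said "a client" and the two `ratelimit_subnet_len_*` entries added directly below suggest the limit is counted per client subnet. Please state the scope in the `ratelimit` entry itself, for example that the count is kept per subnet of the length given by `ratelimit_subnet_len_ipv4` / `ratelimit_subnet_len_ipv6`, and, if that is the case, that with the defaults every address in the same /24 or /56 shares one budget, which matters for clients behind the same prefix. The subnet length entries give only the default: the accepted range and the effect of a full-length value (32 or 128) are not documented, and the `ratelimit_whitelist` entry does not say whether it matches exact addresses or is also subject to the subnet grouping. Minor: "If you want exclude" was carried over from the old line and should read "If you want to exclude".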