CoreDNS plugin that enables response rate limiting to mitigate DNS attacks.

Primary language: Go. License: MIT.

ratelimit

Description

The ratelimit plugin enables response rate limiting to mitigate DNS attacks.

Syntax

ratelimit LIMIT
  • LIMIT is the number of responses per second allowed from an IP.
ratelimit LIMIT {
    whitelist [IPs...]
}
  • whitelist is the list of IPs excluded from the rate limit.

Metrics

If monitoring is enabled (via the prometheus plugin), the following metric is exported:

  • coredns_ratelimit_dropped_request_total{server} - count per server
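
One way to act on this metric, as an added example that is not part of the plugin's code: the Go program below parses two scrapes of the Prometheus text output and computes dropped requests per second for each server, treating a decreasing counter as a restart. The sample scrapes and their server label values are constructed, and the parser assumes server is the only label, as listed above.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

const metric = "coredns_ratelimit_dropped_request_total"

// Constructed sample scrapes taken 60 seconds apart (not real plugin output).
const scrape1 = `# TYPE coredns_ratelimit_dropped_request_total counter
coredns_ratelimit_dropped_request_total{server="dns://:53"} 120
coredns_ratelimit_dropped_request_total{server="dns://:5353"} 70`
const scrape2 = `coredns_ratelimit_dropped_request_total{server="dns://:53"} 3120
coredns_ratelimit_dropped_request_total{server="dns://:5353"} 30`

// parseDropped returns the counter value for each "server" label value.
// Assumption: "server" is the only label and samples carry no timestamp.
func parseDropped(text string) map[string]float64 {
	out := map[string]float64{}
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		rest, ok := strings.CutPrefix(strings.TrimSpace(sc.Text()), metric+`{server="`)
		server, value, ok2 := strings.Cut(rest, `"}`)
		v, err := strconv.ParseFloat(strings.TrimSpace(value), 64)
		if ok && ok2 && err == nil { // skips comments, other metrics, malformed lines
			out[server] = v
		}
	}
	return out
}

// dropRate returns dropped requests per second per server between two scrapes.
func dropRate(prev, cur map[string]float64, seconds float64) map[string]float64 {
	rates := map[string]float64{}
	for server, now := range cur {
		delta := now - prev[server]
		if delta < 0 { // counter went backwards: CoreDNS restarted, count from zero
			delta = now
		}
		rates[server] = delta / seconds
	}
	return rates
}

func main() {
	fmt.Println(dropRate(parseDropped(scrape1), parseDropped(scrape2), 60))
}
```

A sustained non-zero rate on a server means clients are being held at LIMIT; comparing it against normal traffic helps separate an attack from a limit that is set too low for legitimate resolvers.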

Examples

ratelimit 50 {
    whitelist 127.0.0.1 192.168.1.25 10.240.1.1
}