TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

Feature Request: change name of log file to add fail2ban support #976

Open FlossFarrier opened 1 month ago

FlossFarrier commented 1 month ago

Hey.

Another idea to improve security:

The log files are now formatted by date: 2024-07-21.log

In order to be able to parse them by external services like fail2ban to block flooding bad nxdomain requests, a static name (e.g. dns.log) for the actual log file would be much easier to parse.

Or is there an in-built function like fail2ban which I didn't find yet?

Thanks and greetings, Magnus.

ShreyasZare commented 1 month ago

Thanks for the post. Parsing the text logs is not recommended since the format may change in later versions causing issues.

If you wish to mitigate abuse then there is Query Per Minute option in Settings which will start throttling requests when the threshold is crossed. There is also Drop Requests app which you can install and configure it to drop requests that match certain domain or type.

Let me know if these options work for your scenario.

FlossFarrier commented 1 month ago

Hey @ShreyasZare.

Thank you - I am so happy with your DNS Server 👍🏽 🤩 full of functions that I didn't see the rate limit option in the first place. Thanks, that's perfectly fine for the moment.

Is there a way (e.g. an API call) to get the temporarily banned IPs which I could call by a script on a regular basis? We'd like to perform a permanent ban on our firewall level for those IPs which repeatedly abuse our servers.

ShreyasZare commented 1 month ago

You're welcome!

You can use the Get Top Stats API which will list all the clients with the "rateLimited" property. You will need to call this API every few minutes to get the latest data since there is no "block list" for the rate limiting feature. The feature just checks if the query rate in stats goes over the configured one.
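One way to script the polling workflow described in the reply above, as an added example that is not part of this thread or of the Technitium project's own code. The thread only names the Get Top Stats API and the "rateLimited" property; the endpoint path `/api/dashboard/stats/getTop`, the `token`, `type=TopClients`, `limit` and `noReverseLookup` parameters, and the `{"response": {"topClients": [...]}, "status": "ok"}` response layout are assumptions to be checked against the server's API documentation. The sample response embedded below is constructed so the logic runs offline; the tracker keeps a count across polls so that only clients rate-limited repeatedly are handed to the firewall, which is the "repeatedly abuse" criterion from the question.

```python
"""
Poll the Technitium DNS Server "Get Top Stats" API for clients flagged as
rate-limited and count how many polls each client appeared in, so that repeat
offenders can be passed to a firewall for a permanent block.

Assumptions (not taken from the thread): the endpoint path
/api/dashboard/stats/getTop with type=TopClients, the token query parameter,
and the response layout {"response": {"topClients": [{"name": ..., "rateLimited": ...}]},
"status": "ok"}. Verify against the server's API docs before use.
"""
import json
import urllib.parse
import urllib.request
from collections import Counter

# Constructed sample response mimicking the assumed layout, so the parsing and
# tracking logic can be exercised without a running server.
SAMPLE_RESPONSE = json.dumps({
    "response": {
        "topClients": [
            {"name": "203.0.113.10", "domain": "", "hits": 120000, "rateLimited": True},
            {"name": "198.51.100.7", "domain": "", "hits": 4000, "rateLimited": False},
            {"name": "203.0.113.99", "domain": "", "hits": 98000, "rateLimited": True},
        ]
    },
    "status": "ok",
})


def rate_limited_clients(raw_json: str) -> list[str]:
    """Return the client addresses whose 'rateLimited' property is true."""
    doc = json.loads(raw_json)
    if doc.get("status") != "ok":
        raise RuntimeError(f"API call failed: {doc.get('errorMessage', doc)}")
    clients = doc.get("response", {}).get("topClients", [])
    return sorted(c["name"] for c in clients if c.get("rateLimited"))


def fetch_top_clients(base_url: str, token: str, limit: int = 1000) -> str:
    """Call the (assumed) Get Top Stats endpoint and return the raw JSON body."""
    query = urllib.parse.urlencode({"token": token, "type": "TopClients",
                                    "limit": limit, "noReverseLookup": "true"})
    url = f"{base_url.rstrip('/')}/api/dashboard/stats/getTop?{query}"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


class RepeatOffenderTracker:
    """Count across polls how often each client was rate-limited; a client that
    reaches `threshold` is reported once, as a candidate for a permanent block."""

    def __init__(self, threshold: int = 3):
        self.threshold = threshold
        self.seen = Counter()
        self.reported: set[str] = set()

    def record_poll(self, limited: list[str]) -> list[str]:
        """Feed one poll's rate-limited list; return newly qualifying addresses."""
        self.seen.update(limited)
        newly = [ip for ip in limited
                 if self.seen[ip] >= self.threshold and ip not in self.reported]
        self.reported.update(newly)
        return sorted(newly)


if __name__ == "__main__":
    tracker = RepeatOffenderTracker(threshold=2)
    # Simulate two polling rounds on the constructed sample instead of a live
    # server; in production, replace SAMPLE_RESPONSE with
    # fetch_top_clients("http://dns.example.invalid:5380", "<api token>").
    for _ in range(2):
        for ip in tracker.record_poll(rate_limited_clients(SAMPLE_RESPONSE)):
            print(f"permanent block candidate: {ip}")
```

Run it from cron or a systemd timer every few minutes, matching the polling interval the reply suggests; the addresses it prints are what a firewall rule or ipset update would consume. The threshold keeps a single burst from a legitimate resolver from turning into a permanent block.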