Yannik Sembritzki
@lanl0rd Rate limiting needs to be limited to domains which could not possibly be valid acme-dns subdomains, because otherwise third parties could DoS your acme-dns service by repeatedly requesting certificates from...
We now have a working fail2ban filter for this: https://github.com/joohoi/acme-dns/issues/268#issuecomment-891165077
acme-dns returns NXDOMAIN for A records of existing subdomains rather than NOERROR with empty answer
Can confirm this issue.
I opened a PR to fix this: https://github.com/joohoi/acme-dns/pull/264
@L3Nerd My fix works perfectly fine, but @joohoi isn't really active on this project anymore and did not merge it (yet).
Feel free to use it :-)
@lanl0rd I have implemented logging of IPs in my branch [log-ips](https://github.com/Yannik/acme-dns/tree/log-ips). I have opened a PR for this at #271. I have also merged this into my [fork](https://github.com/Yannik/acme-dns/tree/fork) branch, which...
For now I have blocked pizzaseo using iptables on the docker host:

```
iptables -I FORWARD 1 -p udp --dport 53 -m string --algo kmp --string "pizzaseo" -j DROP
```

...
Hey @nogaff, good idea, and thanks for providing this detailed explanation of your iptables command! Based on your idea I thought that (as a clean solution), dropping all requests that...
@nogaff Why are you using the PREROUTING chain in the raw table instead of the mangle table?