[ratelimits] ratelimiting /24 for <tld>

Vernon Schryver vjs at rhyolite.com
Mon Jul 9 00:18:20 UTC 2012


> From: Tony Finch <dot at dotat.at>

I'm wrong about recursion.  Because the rate limit check is before
the "resume:" label, a return from recursion does not get checked.
I think I'll change that in the next version, but never mind that.

I think that the only way the current rate limit check can be
repeated is if the query is restarted in query_find().  I think
that can only happen for DNAMEs, CNAMEs, and RPZ.  I see no CNAMEs
or DNAMEs related to api.twitter.com.

The rest of this is merely 'showing my work' in support of not seeing
the extra check for com that you see.

Do you have some RPZ zones?


With your query.c file in my rrl patched bind-9.9.1-P1 tree and with this
as the first request
    dig +cdflag +dnssec +tries=1 +time=1000 -p8053 api.twitter.com:
I see these log messages:

09-Jul-2012 00:06:00.085 queries: info: client 127.0.0.1#23840 (api.twitter.com): query: api.twitter.com IN A +EDC (127.0.0.1)
09-Jul-2012 00:06:00.085 rate-limit: debug 1: client 127.0.0.1#23840 (api.twitter.com): checking rate limit for (relative?)

(That "(relative)" is why I'm going to move the rrl check after resume:)

With these as the first two requests,
    dig +cdflag +dnssec +tries=1 +time=1000 -p8053 net.
    dig +cdflag +dnssec +tries=1 +time=1000 -p8053 api.twitter.com
I still don't see 'com':

09-Jul-2012 00:11:46.534 queries: info: client 127.0.0.1#34650 (net): query: net IN A +EDC (127.0.0.1)
09-Jul-2012 00:11:46.534 rate-limit: debug 1: client 127.0.0.1#34650 (net): checking rate limit for (relative?)
09-Jul-2012 00:11:46.791 query-errors: debug 4: fetch completed at resolver.c:7305 for net/A in 0.256833: success/success [domain:net,referral:1,restart:1,qrysent:1,timeout:0,lame:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
09-Jul-2012 00:11:53.558 queries: info: client 127.0.0.1#23930 (api.twitter.com): query: api.twitter.com IN A +EDC (127.0.0.1)
09-Jul-2012 00:11:53.558 rate-limit: debug 1: client 127.0.0.1#23930 (api.twitter.com): checking rate limit for .


Vernon Schryver    vjs at rhyolite.com
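
The comparison done by eye in the message above can be scripted. This is an added example, not part of the original message or of the rrl patch: it groups the "checking rate limit for" debug lines by client and query name so a repeated check (such as an extra one for com) stands out. It assumes the log format shown in the message; the function names are hypothetical.

```python
import re

# Log lines copied from the message above (second test run).
SAMPLE_LOG = """\
09-Jul-2012 00:11:46.534 queries: info: client 127.0.0.1#34650 (net): query: net IN A +EDC (127.0.0.1)
09-Jul-2012 00:11:46.534 rate-limit: debug 1: client 127.0.0.1#34650 (net): checking rate limit for (relative?)
09-Jul-2012 00:11:46.791 query-errors: debug 4: fetch completed at resolver.c:7305 for net/A in 0.256833: success/success [domain:net,referral:1,restart:1,qrysent:1,timeout:0,lame:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
09-Jul-2012 00:11:53.558 queries: info: client 127.0.0.1#23930 (api.twitter.com): query: api.twitter.com IN A +EDC (127.0.0.1)
09-Jul-2012 00:11:53.558 rate-limit: debug 1: client 127.0.0.1#23930 (api.twitter.com): checking rate limit for .
"""

# date time category: level: client addr#port (qname): message
LINE = re.compile(
    r"^\S+ \S+ (?P<cat>[\w-]+): [^:]+: "
    r"client (?P<client>\S+) \((?P<qname>[^)]*)\): (?P<msg>.*)$"
)
CHECK_PREFIX = "checking rate limit for "


def checks_per_query(log_text):
    """Map (client, qname) -> names the rate limit check was logged for."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # e.g. query-errors lines carry no client field
        key = (m["client"], m["qname"])
        if m["cat"] == "queries":
            seen.setdefault(key, [])
        elif m["cat"] == "rate-limit" and m["msg"].startswith(CHECK_PREFIX):
            seen.setdefault(key, []).append(m["msg"][len(CHECK_PREFIX):])
    return seen


def repeated_checks(log_text):
    """Queries for which the rate limit check was logged more than once."""
    return {k: v for k, v in checks_per_query(log_text).items() if len(v) > 1}


if __name__ == "__main__":
    for (client, qname), names in checks_per_query(SAMPLE_LOG).items():
        print(client, qname, names)
    print("repeated:", repeated_checks(SAMPLE_LOG))
```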

