[ratelimits] How to validate the use of RRL?

paul vixie paul at redbarn.org
Wed Nov 7 06:49:50 UTC 2012

On 11/7/2012 6:10 AM, Feng He wrote:
> ...
> for i in `seq 0 9`;do dig @localhost +short +tries=1 +time=1 dnsbed.com a;done
> But it just works fine as no-rrl, I didn't see any exception. Why?

add +notcp to your 'dig' command or else it will try with TCP when it
gets TC=1 from RRL.

it is intentionally difficult to simulate the conditions under which RRL
is visible. if your test behaves the same way as a normal dns initiator
would behave, your results will be reliable, by design of RRL.

"I suspect I'm not known as a font of optimism." (VJS, 2012)

More information about the ratelimits mailing list