[ratelimits] How to validate the use of RRL?
paul at redbarn.org
Wed Nov 7 12:03:59 UTC 2012
On 11/7/2012 7:33 AM, Feng He wrote:
> I have further questions about RRL:
> #1 what are the meanings of responses-per-second and window in the config?
responses per second means: what is the maximum number of similar
responses that the server will send to a similar requestor-address?

window: how long will the server remember a "quota exceeded" condition
for a given kind of response having been sent to a given block of

in short, responses per second is a quota, window is a penalty box.
> #2 under which condition RRL rejects the query, and under which
> condition it truncates the response?
of responses which exceed the quota, (slip - 1)/slip will be dropped,
and 1/slip will be truncated. this means for a slip rate of 2, half the
over-quota responses are dropped, half truncated, whereas for a slip rate
of 3, two thirds are dropped and one third are truncated, and so on.
> #3 how to enable the log items for RRL? for example, I want to check
> what IP and what domains are influenced by RRL.
the ARM text pointed to by http://www.redbarn.org/dns/ratelimit contains
examples of logging config.
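
The quota, penalty box and slip behaviour described in the reply above, as an added Python model that is not part of the original message and is not BIND's code. It assumes one credit account per (client block, response kind), IPv4 /24 client blocks and whole-second timestamps; `RRLModel`, `decide` and `simulate_flood` are hypothetical names, and the flood is constructed sample input.

```python
import ipaddress
from collections import Counter

class RRLModel:
    """Simplified credit model of response rate limiting (illustrative only)."""

    def __init__(self, responses_per_second=5, window=5, slip=2, prefix_len=24):
        self.rate, self.window, self.slip = responses_per_second, window, slip
        self.prefix_len = prefix_len   # assumption: requestors grouped by IPv4 /24
        self.accounts = {}             # (block, kind) -> [balance, last_sec, over_quota_count]

    def decide(self, now, client_ip, response_kind):
        """Return 'send', 'drop' or 'truncate' for one prospective response."""
        block = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        acct = self.accounts.setdefault((block, response_kind), [self.rate, now, 0])
        # Earn `rate` credits per elapsed second, never more than the quota.
        acct[0] = min(self.rate, acct[0] + (now - acct[1]) * self.rate)
        acct[1] = now
        # Each response costs one credit; debt is capped at window * rate,
        # which bounds how long the "quota exceeded" state is remembered.
        acct[0] = max(-self.window * self.rate, acct[0] - 1)
        if acct[0] >= 0:
            return "send"
        if self.slip == 0:             # slip 0: no truncated replies at all
            return "drop"
        acct[2] += 1
        # Every slip-th over-quota response is truncated, the rest are dropped.
        return "truncate" if acct[2] % self.slip == 0 else "drop"

def simulate_flood(slip, seconds=3, per_second=100):
    """Constructed sample: identical responses toward sources in 192.0.2.0/24."""
    model = RRLModel(responses_per_second=5, window=5, slip=slip)
    tally = Counter()
    for sec in range(seconds):
        for i in range(per_second):
            verdict = model.decide(sec, f"192.0.2.{i + 1}", ("example.com", "A"))
            tally[verdict] += 1
    return model, tally

if __name__ == "__main__":
    for slip in (2, 3):
        _, tally = simulate_flood(slip)
        print(f"slip={slip}: {dict(tally)}")
```
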