[ratelimits] lots more tcp clients

Richard Doty rad at twig.com
Tue Oct 2 15:17:38 UTC 2012

Greetings, rate limiters.

As an anti-spoofing measure, diverting suspicious clients to tcp makes 
sense.  And I understand that from an anti-spoofing point of view, there 
is no reason to ratelimit tcp queries.  But if a non-spoofed client is 
just asking over and over, he ends up being a tcp client that is asking 
over and over, and eventually I get "no more TCP clients: quota reached".

Is there any help for this?

Fwiw the case that prompts this question is a delegation to nameservers 
that are unavailable; so the client _might_ be retrying a failed query; 
I haven't tried to contact the client to ask why they are doing this.  
But the general case is still there - the ratelimit patch just aggravates it.



