[ratelimits] RRL patches for 9.8.4 and 9.9.2

Chip Marshall chip at 2bithacker.net
Thu Oct 25 19:58:00 UTC 2012


On 22-Oct-2012, Vernon Schryver <vjs at rhyolite.com> sent:
> Before trying all-per-second, I would try reducing the responses-per-
> second limit. A very low responses-per-second rate of 5 or 10
> should at worst make legitimate clients retry or use TCP.

I've dropped the responses-per-second down to 5 (we had been
running at 15) and this appears to have made a significant
difference in the number of queries we're dropping due to rate
limit, about a 9x increase.

> In other words, the new all-per-second knob exists only to
> answer popular demand. I don't think it's a good idea.

I can understand that, but in cases where we were previously
running custom scripts to completely blackhole offending IPs, I
was considering the all-per-second to be an improvement over
that. If I can keep the traffic under control with responses-per-
second, I'd much rather take that route.

Thanks for all your work on this patch, it's a great addition to
BIND for anyone running a large authoritative nameserver.

-- 
Chip Marshall <chip at 2bithacker.net>
http://weblog.2bithacker.net/          KB1QYW        PGP key ID 43C4819E
v4sw5PUhw4/5ln5pr5FOPck4ma4u6FLOw5Xm5l5Ui2e4t4/5ARWb7HKOen6a2Xs5IMr2g6CM