[ratelimits] RRL patches for 9.8.4 and 9.9.2
chip at 2bithacker.net
Thu Oct 25 19:58:00 UTC 2012
On 22-Oct-2012, Vernon Schryver <vjs at rhyolite.com> sent:
> Before trying all-per-second, I would try reducing the responses-per-
> second limit. A very low responses-per-second rate of 5 or 10
> should at worst make legitimate clients retry or use TCP.
I've dropped the responses-per-second down to 5 (we had been
running at 15) and this appears to have made a significant
difference in the number of queries we're dropping due to rate
limit, about a 9x increase.
> In other words, the new all-per-second knob exists only to
> answer popular demand. I don't think it's a good idea.
I can understand that, but in cases where we were previously
running custom scripts to completely blackhole offending IPs, I
was considering the all-per-second to be an improvement over
that. If I can keep the traffic under control with responses-per-
second, I'd much rather take that route.
Thanks for all your work on this patch, it's a great addition to
BIND for anyone running a large authoritative nameserver.
Chip Marshall <chip at 2bithacker.net>
http://weblog.2bithacker.net/ KB1QYW PGP key ID 43C4819E