[ratelimits] CH/TXT/id.server queries rate-limited
Anand Buddhdev
anandb at ripe.net
Thu Oct 25 21:46:49 UTC 2012
Hi,
I've just upgraded our BIND server cluster to 9.9.2 with the rate-limit
patch. I have two questions:
a) I haven't enabled any rate-limit configuration in named.conf yet, but
now I'm seeing this in the log:
rate-limit: limit responses to x.y.0.0/16 for id.server CH TXT (00a3d4c4)
rate-limit: limit responses to xxxx:yyyy::/32 for id.server CH TXT (00a3d4c4)
Is this intentional?
b) On just one server, I've now activated rate limits with:
rate-limit {
    responses-per-second 10;
    nxdomains-per-second 0;
    max-table-size 40000;
};
25-Oct-2012 21:34:32.850 rate-limit: limit responses to a.b.c.0/24 for ripe.net IN ANY (0002000e)
25-Oct-2012 21:34:35.059 rate-limit: stop limiting responses to a.b.c.0/24 for ripe.net IN ANY (0002000e)
25-Oct-2012 21:34:42.721 rate-limit: limit responses to a.b.c.0/24 for ripe.net IN ANY (0002000e)
25-Oct-2012 21:34:44.900 rate-limit: stop limiting responses to a.b.c.0/24 for ripe.net IN ANY (0002000e)
It looks like rate-limits kick in for this network, but two or three
seconds later the rate-limit is removed. There are many such log lines,
showing the limit being removed around two seconds after it is first
applied. I thought the limit would be enforced for at least "window"
seconds. Have I misunderstood something?
Regards,
Anand