[ratelimits] new RRL patches with small bug fix
Geert Jan de Groot
GeertJan.deGroot at xs4all.nl
Fri Apr 5 20:25:15 UTC 2013
On Fri, 05 Apr 2013 12:00:01 +0000 ratelimits-request at lists.redbarn.org wrote:
> DNS RRL is not recommended for recursive servers, because DNS clients
> can send bursts of identical, legitimate requests.
I'm surprised by this. I thought that something like this would work,
and it did when I tested it:

acl clients {
        127.0.0.1/32;
        192.0.2.0/24;
        ...
};

options {
        ...
        allow-recursion {
                clients;
        };
        rate-limit {
                responses-per-second 5;
                window 5;
                exempt-clients {
                        clients;
                };
        };
};

What am I missing?
Geert Jan
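
An added illustration, not part of the original post and not BIND's code: a simplified Python model of the configuration above, in which a burst of identical queries from an address in the `clients` ACL bypasses the limiter while the same burst from any other address is cut to 5 responses. The per-(client, name) bucket, the debt cap, the query name and the sample addresses are assumptions of the model.

```python
"""Simplified model of response rate limiting with an exempt-clients ACL.

Not BIND's implementation: one bucket per (client, name), no slip,
no prefix aggregation. Values come from the configuration in the post.
"""
import ipaddress

# ACL entries shown in the post; the elided "..." entries are left out.
EXEMPT = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "192.0.2.0/24")]
RESPONSES_PER_SECOND = 5
WINDOW = 5


def is_exempt(client):
    """True when the client address matches the exempt-clients ACL."""
    addr = ipaddress.ip_address(client)
    return any(addr in net for net in EXEMPT)


class RateLimiter:
    def __init__(self, rate=RESPONSES_PER_SECOND, window=WINDOW):
        self.rate, self.window = rate, window
        self.accounts = {}  # (client, qname) -> (balance, time of last query)

    def allow(self, client, qname, now):
        """Decide whether the response to one query is sent."""
        if is_exempt(client):
            return True  # exempt clients are never accounted
        balance, last = self.accounts.get((client, qname), (self.rate, now))
        # Credit accrues at `rate` per second, capped at one second's worth.
        balance = min(self.rate, balance + (now - last) * self.rate)
        balance -= 1
        # Model assumption: debt is capped at `window` seconds of credit.
        balance = max(balance, -self.rate * self.window)
        self.accounts[(client, qname)] = (balance, now)
        return balance >= 0


def answered(client, burst, now=0.0):
    """Responses sent for `burst` identical queries arriving at one instant."""
    rl = RateLimiter()
    return sum(rl.allow(client, "www.example.com", now) for _ in range(burst))


if __name__ == "__main__":
    # Constructed sample clients: one inside the ACL, one outside it.
    for client in ("192.0.2.10", "203.0.113.7"):
        print(client, "answered", answered(client, 20), "of 20")
```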