[ratelimits] I-D-ing rate limiting?

Paul Vixie paul at redbarn.org
Wed Apr 17 18:09:22 UTC 2013



WBrown at e1b.org wrote:

>> ... Especially as the implementations still differ yet are interoperable.
>
> Isn't the interoperability due to the fact that RRL only interacts with 
> DNS clients, not other authoritative name servers. ...

that's my view of the def'n of "interoperability" as it applies here.

> ... In that case, is there 
> really a need for all versions to work exactly the same? Shouldn't a
> DNS server be able to protect itself in any manner the authors feel works 
> best as long as reasonable clients can resolve their queries?

yes and no. yes, name server implementors should compete to build the
best possible rate limiting. but also no, it's necessary for large
multi-server authority operators to have the same kind of rate limiting
on all of their servers, and they want to be able to use more than one
rdns vendor to avoid monoclonal problems like packet-of-death
vulnerabilities.

> As more is learned about rate limiting, perhaps best practices can be 
> developed, and some things that are done now may be proven ineffective, 
> but does any of this need to ultimately end up as an RFC?

yes, even if it's an FYI or BCP document rather than a STD.

paul