[ratelimits] RRL vs other approaches
Jared Mauch
jared at puck.nether.net
Tue Feb 19 14:44:01 UTC 2013
On Feb 19, 2013, at 8:48 AM, Edward Lewis wrote:
> My apologies, I was preparing something for this list last Friday and it's taken a bit longer to put all of the arguments together. (In response to off-list prompting.) Monday was a holiday here too, nevertheless, I'm trying to prepare a different talk first. Eventually I'll emit an "manifesto." ;)
>
> What I have is not "anti-RRL" in anyway, but rationale for a "deeper" solution.
>
> Thank you for saying this - I have it saved as a draft and it skipped my mind for the time being.
Sending back TC to "authenticate" clients would likely help reduce the abuse of 'udp any'
I was "forced" to rebuild my dns server in the past week or so.. I have not built-in the rrl patch yet as part of the running server and have noticed that the CPU usage is significantly lower. (Instead of "150%" it's about 50% of a core).
Right now I'm debating if it makes sense to continue to patch w/ rrl due to the much higher "cost" (2-3x)
- Jared
More information about the ratelimits
mailing list