[ratelimits] RRL vs other approaches

Jared Mauch jared at puck.nether.net
Tue Feb 19 14:44:01 UTC 2013

On Feb 19, 2013, at 8:48 AM, Edward Lewis wrote:

> My apologies, I was preparing something for this list last Friday and it's taken a bit longer to put all of the arguments together.  (In response to off-list prompting.)  Monday was a holiday here too, nevertheless, I'm trying to prepare a different talk first.  Eventually I'll emit an "manifesto." ;)
> What I have is not "anti-RRL" in anyway, but rationale for a "deeper" solution.
> Thank you for saying this - I have it saved as a draft and it skipped my mind for the time being.

Sending back TC to "authenticate" clients would likely help reduce the abuse of 'udp any'

I was "forced" to rebuild my dns server in the past week or so.. I have not built-in the rrl patch yet as part of the running server and have noticed that the CPU usage is significantly lower.  (Instead of "150%" it's about 50% of a core).

Right now I'm debating if it makes sense to continue to patch w/ rrl due to the much higher "cost" (2-3x)

- Jared

More information about the ratelimits mailing list