[ratelimits] can't trigger rate-limit
Irwin Tillman
irwin at princeton.edu
Tue Jan 1 02:33:43 UTC 2013
I'm unable to get the rate-limit to trigger.
I figure I'm missing something simple.
Platform: BIND 9.9.2-P1 with the rate limit patch on Solaris 10 SPARC.
It's an authoritative only server.
When I test with:
    repeat 10 dig @server-ip-address +short +tries=1 +time=1 my-zone.com a
or flood it with a few thousand queries per second:
    bind-9.9.2-P1/contrib/queryperf/queryperf -d /usr/tmp/querperf-infile -s server-ip-address -l 30 -q 20 -t 1
...I don't see rate-limit trigger.
Packet capture shows the queries reaching the server and the server unexpectedly responding to all of them.
I don't see the server rate-limiting its responses to the queries.
After either test, syslog doesn't contain any message about rate-limiting a flow.
After the tests, the statistics-file doesn't contain any of the new categories.
syslog does mention while it's running:
    named[18244]: rate-limit: info: increase from 503 to 569 RRL bins for 500 entries; average search length 3.5
...so the rate-limit feature is alive.
My config:
    options {
        ...
        rate-limit {
            responses-per-second 5;
        };
    };
    logging {
        ...
        channel my_syslog_info {
            syslog daemon;
            severity info;
            print-category yes;
            print-severity yes;
        };
        category rate-limit { my_syslog_info; default_debug; };
    };
    view "default" {
        # match-clients defaults to all
        ... various zones (hints, masters, slaves)
    };
    view "hide-class-chaos" CHAOS {
        # match-clients defaults to all
        allow-query { none; };
    };