[ratelimits] can't trigger rate-limit

Irwin Tillman irwin at princeton.edu
Tue Jan 1 19:33:59 UTC 2013 

> Perhaps it would help evolve a small configuration that works toward your actual configuration.  

Thanks for the suggestion.
I', able to see the same behavior (rate-limit does not seem to trigger)
with the same minimal config you used:

% cat /tmp/named.conf  

options {
   directory        "/tmp";
   pid-file         "pid";
   session-keyfile  "session.key";
   listen-on        port 8053 { 127.0.0.1; };
   rate-limit {
       responses-per-second 5;
   };
};
logging {
    channel rl {
        severity info;
        print-category yes; print-time yes; print-severity yes; file "rl-log";
    };
    category rate-limit { rl; };
};


# /usr/local/sbin/named -f -c /tmp/named.conf

%  repeat 10 dig @127.0.0.1 +short +tries=1 +time=3  -p 8053 rhyolite.com
192.188.61.3
192.188.61.3
192.188.61.3
192.188.61.3
192.188.61.3
192.188.61.3
192.188.61.3
192.188.61.3
192.188.61.3
192.188.61.3

Repeating for larger repeat counts, and using queryperf to flood the server with higher volumes
also didn't trigger rate-limit.

# (kill named)


messages:

 named[13482]: starting BIND 9.9.2-vjs340.03-P1 -f -c /tmp/named.conf
 named[13482]: built with '--sysconfdir=/usr/local/etc' 'CC=cc' 'CFLAGS=-L/usr/local/lib -fast' 'LDFLAGS=-R/usr/local/lib'
 named[13482]: ----------------------------------------------------
 named[13482]: BIND 9 is maintained by Internet Systems Consortium,
 named[13482]: Inc. (ISC), a non-profit 501(c)(3) public-benefit 
 named[13482]: corporation.  Support and training for BIND 9 are 
 named[13482]: available at https://www.isc.org/support
 named[13482]: ----------------------------------------------------
 named[13482]: open: /usr/local/etc/rndc.key: file not found
 named[13482]: couldn't add command channel 127.0.0.1#953: file not found
 named[13482]: open: /usr/local/etc/rndc.key: file not found
 named[13482]: couldn't add command channel ::1#953: file not found
 named[13482]: all zones loaded
 named[13482]: running
 named[13482]: clients-per-query increased to 15
 named[13482]: exiting


% ls -l /tmp/rl-log 
-rw-r--r--   1 named    named          0 Jan  1 14:08 /tmp/rl-log

Platform: Solaris 10 SPARC

If there's other tests I should try, or more detailed logging output I should
collect, I'll be happy to do so.

Irwin Tillman

More information about the ratelimits mailing list