[ratelimits] can't trigger rate-limit

Matt Rowley matt at arin.net
Wed Jan 2 01:22:47 UTC 2013


Irwin, just to be extra sure, could you paste us the commands you used to patch the source and build bind?

Cheers,
Matt


On Jan 1, 2013, at 2:34 PM, "Irwin Tillman" <irwin at princeton.edu> wrote:

>> Perhaps it would help evolve a small configuration that works toward your actual configuration.  
> 
> Thanks for the suggestion.
> I'm able to see the same behavior (rate-limit does not seem to trigger)
> with the same minimal config you used:
> 
> % cat /tmp/named.conf  
> 
> options {
>   directory        "/tmp";
>   pid-file         "pid";
>   session-keyfile  "session.key";
>   listen-on        port 8053 { 127.0.0.1; };
>   rate-limit {
>       responses-per-second 5;
>   };
> };
> logging {
>    channel rl {
>        severity info;
>        print-category yes; print-time yes; print-severity yes; file "rl-log";
>    };
>    category rate-limit { rl; };
> };
> 
> 
> # /usr/local/sbin/named -f -c /tmp/named.conf
> 
> %  repeat 10 dig @127.0.0.1 +short +tries=1 +time=3  -p 8053 rhyolite.com
> 192.188.61.3
> 192.188.61.3
> 192.188.61.3
> 192.188.61.3
> 192.188.61.3
> 192.188.61.3
> 192.188.61.3
> 192.188.61.3
> 192.188.61.3
> 192.188.61.3
> 
> Repeating for larger repeat counts, and using queryperf to flood the server with higher volumes
> also didn't trigger rate-limit.
> 
> # (kill named)
> 
> 
> messages:
> 
> named[13482]: starting BIND 9.9.2-vjs340.03-P1 -f -c /tmp/named.conf
> named[13482]: built with '--sysconfdir=/usr/local/etc' 'CC=cc' 'CFLAGS=-L/usr/local/lib -fast' 'LDFLAGS=-R/usr/local/lib'
> named[13482]: ----------------------------------------------------
> named[13482]: BIND 9 is maintained by Internet Systems Consortium,
> named[13482]: Inc. (ISC), a non-profit 501(c)(3) public-benefit 
> named[13482]: corporation.  Support and training for BIND 9 are 
> named[13482]: available at https://www.isc.org/support
> named[13482]: ----------------------------------------------------
> named[13482]: open: /usr/local/etc/rndc.key: file not found
> named[13482]: couldn't add command channel 127.0.0.1#953: file not found
> named[13482]: open: /usr/local/etc/rndc.key: file not found
> named[13482]: couldn't add command channel ::1#953: file not found
> named[13482]: all zones loaded
> named[13482]: running
> named[13482]: clients-per-query increased to 15
> named[13482]: exiting
> 
> 
> % ls -l /tmp/rl-log 
> -rw-r--r--   1 named    named          0 Jan  1 14:08 /tmp/rl-log
> 
> Platform: Solaris 10 SPARC
> 
> If there are other tests I should try, or more detailed logging output I should
> collect, I'll be happy to do so.
> 
> Irwin Tillman
> _______________________________________________
> ratelimits mailing list
> ratelimits at lists.redbarn.org
> http://lists.redbarn.org/mailman/listinfo/ratelimits

