[ratelimits] dramatic effect of turning on RRL in BIND

Tony Finch dot at dotat.at
Wed Jan 2 09:45:27 UTC 2013

Vernon Schryver <vjs at rhyolite.com> wrote:
> > For a production BIND, is responses-per-second 5 too small?
> That depends on whether the server is handling recursive requests.
> 5 responses/second for a single name and type to a /24 IPv4 or /56 IPv6
> address block is a lot for most authoritative servers.  Authoritative
> servers should be receiving requests from recursive servers which cache
> authoritative responses and so not repeat requests frequently.

My server is set to responses-per-second 2 and otherwise uses the
defaults. I occasionally see what appear to be false positives at this
setting, mainly because some large ISPs have farms of recursive name
servers sharing a /24, e.g. 12 queries from different addresses at
17:00:23 on the 31st Dec (four of which were retried following a slip
response and five of which were dropped). These are A queries so
probably not due to spam botnets.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
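As an added illustration (not from this thread), a BIND named.conf rate-limit block that puts the settings discussed above side by side with the two usual mitigations for a resolver farm sharing a /24: a log-only dry run before enforcing, and an exempt-clients list. The 192.0.2.0/24 prefix is a placeholder for such a farm, not an address taken from the thread.

```conf
options {
    rate-limit {
        // Identical responses (same name, type and response kind) to one
        // client block per second. Tony runs 2; Vernon's 5 is still
        // conservative for an authoritative server whose clients are
        // caching resolvers.
        responses-per-second 5;

        // Seconds over which the limit is averaged: unused credit
        // accumulates up to window * responses-per-second, so a burst of
        // 12 identical responses fits at 5/s (25 credits) but not at 2/s
        // (10 credits), which is the false-positive case described above.
        window 5;

        // Answer every 2nd limited UDP query with a truncated (TC=1) reply
        // instead of dropping it, so a legitimate resolver retries over TCP.
        slip 2;

        // Client aggregation blocks. These defaults are why a farm of
        // resolvers spread across one /24 is counted as a single client.
        ipv4-prefix-length 24;
        ipv6-prefix-length 56;

        // Known recursive farms that would otherwise trip the limit
        // (placeholder prefix; replace with the ISP's real resolver block).
        exempt-clients { 192.0.2.0/24; };

        // Dry run: log what would have been slipped or dropped without
        // doing it. Switch to "no" once the log shows no unwanted hits.
        log-only yes;
    };
};
```

Raising responses-per-second or adding an exemption widens what a reflection attacker can get through that block, so prefer the narrowest exemption that stops the false positives.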