[ratelimits] what does "same response" really mean?

Bob Harold rharolde at umich.edu
Wed Jan 23 14:26:34 UTC 2013 

Does the ratelimit patch consider everything in, for example, "hp.com" to
be the same response?  I set up a test server with the ratelimit patch and
pointed my pc at it.  Even as a single user, I get throttled sometimes,
loading a single web page (hp.com for example).  I realize that it was not
intended for recursive queries, but I think I would see the same problem if
this were the authoritative server that my local DNS was going to.

    rate-limit {
responses-per-second 5;
window 5;
    };

# actual sample, only changed IP addresses to anonymize
23-Jan-2013 08:48:11.990 queries: info: client 1.2.3.4#61625: query:
hp.comIN A + (5.6.7.8)
23-Jan-2013 08:48:12.551 queries: info: client 1.2.3.4#60114: query:
www.hp.com IN A + (5.6.7.8)
23-Jan-2013 08:48:14.641 queries: info: client 1.2.3.4#51347: query:
www8.hp.com IN A + (5.6.7.8)
23-Jan-2013 08:48:14.656 queries: info: client 1.2.3.4#59338: query:
welcome.hp-ww.com IN A + (5.6.7.8)
23-Jan-2013 08:48:15.559 queries: info: client 1.2.3.4#63868: query:
hewlettpackard.tt.omtrdc.net IN A + (5.6.7.8)
23-Jan-2013 08:48:15.923 queries: info: client 1.2.3.4#53774: query:
government.hp.com IN A + (5.6.7.8)
23-Jan-2013 08:48:15.930 queries: info: client 1.2.3.4#62554: query:
h10010.www1.hp.com IN A + (5.6.7.8)
23-Jan-2013 08:48:15.930 queries: info: client 1.2.3.4#55779: query:
h10088.www1.hp.com IN A + (5.6.7.8)
23-Jan-2013 08:48:16.013 queries: info: client 1.2.3.4#51558: query:
h17007.www1.hp.com IN A + (5.6.7.8)
23-Jan-2013 08:48:16.112 queries: info: client 1.2.3.4#54389: query:
h18004.www1.hp.com IN A + (5.6.7.8)
23-Jan-2013 08:48:16.125 queries: info: client 1.2.3.4#56340: query:
h20180.www2.hp.com IN A + (5.6.7.8)
23-Jan-2013 08:48:16.198 queries: info: client 1.2.3.4#62352: query:
h20384.www2.hp.com IN A + (5.6.7.8)
23-Jan-2013 08:48:16.296 queries: info: client 1.2.3.4#60417: query:
h30046.www3.hp.com IN A + (5.6.7.8)
23-Jan-2013 08:48:16.297 queries: info: client 1.2.3.4#57234: query:
h30094.www3.hp.com IN A + (5.6.7.8)
23-Jan-2013 08:48:16.297 queries: info: client 1.2.3.4#57234: drop response
to 99.118.80.0/24 for hp.com IN A  (000030ec)
23-Jan-2013 08:48:16.314 queries: info: client 1.2.3.4#51911: query:
shopping1.hp.com IN A + (5.6.7.8)
23-Jan-2013 08:48:16.314 queries: info: client 1.2.3.4#51911: slip response
to 99.118.80.0/24 for hp.com IN A  (000030ec)
23-Jan-2013 08:48:16.431 queries: info: client 1.2.3.4#57290: query:
shopping1.hp.com IN A +T (5.6.7.8)
23-Jan-2013 08:48:16.501 queries: info: client 1.2.3.4#50066: query:
welcome.hp.com IN A + (5.6.7.8)
23-Jan-2013 08:48:16.501 queries: info: client 1.2.3.4#50066: drop response
to 99.118.80.0/24 for hp.com IN A  (000030ec)
23-Jan-2013 08:48:16.664 queries: info: client 1.2.3.4#56857: query:
www.shopping.hp.com IN A + (5.6.7.8)
23-Jan-2013 08:48:16.664 queries: info: client 1.2.3.4#56857: slip response
to 99.118.80.0/24 for hp.com IN A  (000030ec)
23-Jan-2013 08:48:16.765 queries: info: client 1.2.3.4#55263: query:
aidps.atdmt.com IN A + (5.6.7.8)
23-Jan-2013 08:48:16.765 queries: info: client 1.2.3.4#60555: query:
cm.g.doubleclick.net IN A + (5.6.7.8)
23-Jan-2013 08:48:16.765 queries: info: client 1.2.3.4#49838: query:
d.p-td.com IN A + (5.6.7.8)
23-Jan-2013 08:48:16.820 queries: info: client 1.2.3.4#57291: query:
www.shopping.hp.com IN A +T (5.6.7.8)
23-Jan-2013 08:48:16.921 queries: info: client 1.2.3.4#65359: query:
d.turn.com IN A + (5.6.7.8)
23-Jan-2013 08:48:17.027 queries: info: client 1.2.3.4#54446: query:
g-pixel.invitemedia.com IN A + (5.6.7.8)
23-Jan-2013 08:48:17.040 queries: info: client 1.2.3.4#50246: query:
segment-pixel.invitemedia.com IN A + (5.6.7.8)
23-Jan-2013 08:48:17.167 queries: info: client 1.2.3.4#56970: query:
tags.bluekai.com IN A + (5.6.7.8)
23-Jan-2013 08:48:17.167 queries: info: client 1.2.3.4#57997: query:
www.snapfish.com IN A + (5.6.7.8)
23-Jan-2013 08:48:17.249 queries: info: client 1.2.3.4#54371: query:
met1.hp.com IN A + (5.6.7.8)
23-Jan-2013 08:48:17.298 queries: info: client 1.2.3.4#57234: query:
h30094.www3.hp.com IN A + (5.6.7.8)
23-Jan-2013 08:48:17.298 queries: info: client 1.2.3.4#57234: drop response
to 99.118.80.0/24 for hp.com IN A  (000030ec)
23-Jan-2013 08:48:17.503 queries: info: client 1.2.3.4#50066: query:
welcome.hp.com IN A + (5.6.7.8)
23-Jan-2013 08:48:17.503 queries: info: client 1.2.3.4#50066: slip response
to 99.118.80.0/24 for hp.com IN A  (000030ec)
23-Jan-2013 08:48:17.618 queries: info: client 1.2.3.4#57308: query:
welcome.hp.com IN A +T (5.6.7.8)

I did DNS lookups on each of these and only a few resolve to the same IP
addresses.  For instance the last one, welcome.hp.com, has a different
response than all but one of the others, so how could it be rate limited?

-- 
Bob Harold
hostmaster, UMnet, ITcom
Information and Technology Services (ITS)
rharolde at umich.edu
734-647-6524 desk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.redbarn.org/pipermail/ratelimits/attachments/20130123/bedd49d4/attachment.htm>

More information about the ratelimits mailing list