[ratelimits] Remarks regarding the Knot DNS 1.2.0 RRL implementation
paul at redbarn.org
Tue Mar 5 13:06:51 UTC 2013
Matthijs Mekking wrote:
> On 03/05/2013 12:11 PM, Paul Vixie wrote:
> But that is not what we are doing. If there is a collision, we reset the
> counter, we don't group them together.

ah ok. that, combined with your random initial seed, is good enough for
me. thanks for explaining.

>>> If we would see more collisions, we could implement bucket chains or
>>> some other collision avoidance mechanism in NSD.
>> how will you know?
> I hope our users will give us that feedback (we ourselves are a user
> too). If collisions occur, they should see frequent unblock/block log
> messages, and an increase in outbound traffic because of the flapping.

would you find it burdensome to keep a 4-byte H(full tuple) in the
bucket so that you can detect a collision and log it explicitly?
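
The suggestion above, sketched as an added example; it is not part of the original message and is not NSD or Knot DNS code. The struct layout, the seeded FNV-1a hash, and the names `rrl_table` and `rrl_hit` are assumptions made for illustration; the reset-on-collision behaviour follows the description quoted in the thread.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* One rate-limit bucket: the counter plus a 4-byte tag, H(full tuple). */
struct bucket { uint32_t tag, count; uint8_t used; };

struct rrl_table {
    struct bucket *slots;     /* caller-provided, zero-initialised */
    size_t nslots;
    uint32_t seed;            /* random per process in a real server */
    unsigned long collisions; /* explicit collision counter */
};

/* Seeded 32-bit FNV-1a; a stand-in for whatever hash the server uses. */
static uint32_t fnv1a(const void *data, size_t len, uint32_t seed)
{
    const uint8_t *p = data;
    uint32_t h = 2166136261u ^ seed;
    for (size_t i = 0; i < len; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Account one response for `tuple`; returns the bucket's count afterwards. */
static uint32_t rrl_hit(struct rrl_table *t, const void *tuple, size_t len)
{
    struct bucket *b = &t->slots[fnv1a(tuple, len, t->seed) % t->nslots];
    uint32_t tag = fnv1a(tuple, len, ~t->seed); /* second seed for the tag */

    if (b->used && b->tag != tag) {
        /* A different tuple owns this slot: log it, then reset the counter. */
        t->collisions++;
        fprintf(stderr, "rrl: collision in slot %zu (tag %08x -> %08x)\n",
                (size_t)(b - t->slots), (unsigned)b->tag, (unsigned)tag);
        b->count = 0;
    }
    b->used = 1;
    b->tag = tag;
    return ++b->count;
}

int main(void)
{
    struct bucket slot[1] = {{0}};  /* one slot: every tuple shares it */
    struct rrl_table t = { slot, 1, 0x5eed1234u, 0 };
    rrl_hit(&t, "192.0.2.0/24|example.com.|1", 27);  /* constructed tuples */
    rrl_hit(&t, "192.0.2.0/24|example.com.|2", 27);
    printf("collisions: %lu\n", t.collisions);
    return 0;
}
```

Without the tag, the second tuple would be indistinguishable from the first and the only visible symptom would be the block/unblock flapping mentioned in the thread.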