[ratelimits] Remarks regarding the Knot DNS 1.2.0 RRL implementation

Paul Vixie paul at redbarn.org
Tue Mar 5 13:06:51 UTC 2013

Matthijs Mekking wrote:
> On 03/05/2013 12:11 PM, Paul Vixie wrote:
> But that is not what we are doing. If there is a collision, we reset the
> counter, we don't group them together.


ah ok. that, combined with your random initial seed, is good enough for
me. thanks for explaining.

>>> If we would see more collisions, we could implement bucket chains or
>>> some other collision avoidance mechanism in NSD.
>> how will you know?
> I hope our users will give us that feedback (we ourselves are a user
> too). If collisions occur, they should see frequent unblock/block log
> messages, and an increase in outbound traffic because of the flapping.

would you find it burdensome to keep a 4-byte H(full tuple) in the
bucket so that you can detect a collision and log it explicitly?
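
The suggestion in this message, sketched as an added example (not NSD or Knot DNS code, and not written by either poster): each bucket keeps a 4-byte hash of the full tuple, so a reset caused by a collision is counted and logged instead of being inferred from block/unblock flapping. The names, the FNV-1a hash, the string form of the tuple and the omission of rate windows are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RRL_MAX_BUCKETS 1024

struct rrl_bucket {
    uint32_t tag;    /* 4-byte H(full tuple), kept only to detect collisions */
    uint32_t count;  /* responses accounted in the current window */
};

struct rrl_table {
    struct rrl_bucket b[RRL_MAX_BUCKETS];
    size_t nbuckets;      /* buckets in use, 1..RRL_MAX_BUCKETS */
    uint32_t seed;        /* random per process in production */
    uint64_t collisions;  /* explicit counter an operator can export */
};

/* FNV-1a, 32 bit, with the seed folded into the initial state. */
static uint32_t fnv1a(uint32_t seed, const char *key)
{
    uint32_t h = 2166136261u ^ seed;
    for (; *key; key++)
        h = (h ^ (unsigned char)*key) * 16777619u;
    return h;
}

void rrl_init(struct rrl_table *t, size_t nbuckets, uint32_t seed)
{
    memset(t, 0, sizeof(*t));
    t->nbuckets = (nbuckets && nbuckets <= RRL_MAX_BUCKETS) ? nbuckets : RRL_MAX_BUCKETS;
    t->seed = seed;
}

/* Account one response for `tuple`; returns the bucket count afterwards. */
uint32_t rrl_account(struct rrl_table *t, const char *tuple)
{
    struct rrl_bucket *b = &t->b[fnv1a(t->seed, tuple) % t->nbuckets];
    uint32_t tag = fnv1a(~t->seed, tuple);  /* second hash, different seed */
    if (b->count != 0 && b->tag != tag) {
        /* A different tuple owned this bucket: reset it, but say so. */
        t->collisions++;
        fprintf(stderr, "rrl: bucket collision, tag %08x evicts %08x\n",
                (unsigned)tag, (unsigned)b->tag);
        b->count = 0;
    }
    b->tag = tag;
    return ++b->count;
}
```

The cost is four bytes per bucket and one extra hash per response; two tuples that match in both index and tag still go undetected, which the 32-bit tag makes rare.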

