[ratelimits] rate limiting recursive server

Bob Harold rharolde at umich.edu
Thu May 9 14:14:22 UTC 2013

The problem that I ran into is that different queries in the same domain
were all considered the same by the RRL code, so a single client loading a
web page could easily hit the limit and be slowed down by the
dropped responses.  If you set the "IPv4-prefix-length" to "32", and "slip"
to "1", and a high "responses-per-second", it might be workable, but I have
not dared to inflict it on my users yet.

If I open a browser (that I think does local caching) and go to "hp.com",
note that, for example, a query for "h10120.www1.hp.com" is seen by RRL as
another of many queries for "hp.com" and gets rate-limited:

09-May-2013 10:01:48.165 queries: info: client MY-IP#55435: query:
h10120.www1.hp.com IN A + (MY-DNS)
09-May-2013 10:01:48.165 queries: info: client MY-IP#55435: drop referral
to for hp.com IN A  (000030ec)

If I could fix it so that RRL is based on the actual query, or the complete
response, being the same, then it would probably work reasonably for a
recursive server, with caching clients.

Bob Harold
hostmaster, UMnet, ITcom
Information and Technology Services (ITS)
rharolde at umich.edu
734-647-6524 desk

> Date: Thu, 9 May 2013 10:07:20 +1200
> From: Jay Daley <jay at nzrs.net.nz>
> To: "ratelimits at lists.redbarn.org" <ratelimits at lists.redbarn.org>
> Subject: Re: [ratelimits] rate limiting recursive server
> Message-ID: <359330F0-025B-4401-84C2-3DD7289BA130 at nzrs.net.nz>
> Content-Type: text/plain; charset=us-ascii
> On 18/04/2013, at 2:13 PM, Vernon Schryver <vjs at rhyolite.com> wrote:
> > ...
> > That implies that the server isn't used by SMTP servers, HTTP clients,
> > or other applications that send bursts of identical DNS requests.
> > ...
> Does anyone know of any studies done or other evidence that would help
> understand exactly what would break (or slow down) if RRL were used on a
> recursive resolver?  For example has anyone looked at traffic being
> received by a recursive resolver, identified bursts of identical DNS
> requests and then analysed those to find out what the client is that
> generates them and what percentage of their traffic they are?
> Correct me if I'm wrong but I get the impression that caching is
> increasingly being added to clients either directly in the code or
> indirectly through the OS and so over time bursts of identical DNS requests
> will reduce in frequency as clients are upgraded?
> cheers
> Jay
> --
> Jay Daley
> Chief Executive
> .nz Registry Services (New Zealand Domain Name Registry Limited)
> desk: +64 4 931 6977
> mobile: +64 21 678840
> linkedin: www.linkedin.com/in/jaydaley
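As an added illustration (not code from the post, and not BIND's RRL implementation), the following models the two keying choices the post contrasts: buckets keyed on the zone the cached referral points at, which is what the log shows and what makes every hp.com lookup from one client share a single limit, versus buckets keyed on the exact query name. It also models the "ipv4-prefix-length" and "slip" knobs the post mentions; the client address, hostnames and limits are constructed, and the zone-key heuristic (last two labels) and slip semantics are assumptions made for the model.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample: one client loading a page at hp.com resolves several
# distinct hostnames under hp.com within the same second (names illustrative).
SAMPLE_QUERIES = [("192.0.2.10", 0, name) for name in (
    "www.hp.com.", "h10120.www1.hp.com.", "h20000.www2.hp.com.",
    "images.hp.com.", "static.hp.com.", "support.hp.com.", "cdn.hp.com.",
    "www.example.net.",
)]

def zone_key(qname):
    """Key on the zone the cached referral points at (what the log shows).
    Assumption: the delegated zone is the last two labels of the name."""
    return ".".join(qname.rstrip(".").split(".")[-2:])

def qname_key(qname):
    """Key on the exact query name, the alternative suggested in the post."""
    return qname

def simulate(queries, responses_per_second, key_fn, prefix_len=24, slip=2):
    """Apply a per-second response limit per (client prefix, second, key).
    Returns (qname, action) pairs; action is 'respond', 'slip' (truncated
    reply so the client can retry over TCP) or 'drop'."""
    responses, limited, actions = defaultdict(int), defaultdict(int), []
    for client, second, qname in queries:
        prefix = ip_network(f"{client}/{prefix_len}", strict=False)
        bucket = (prefix, second, key_fn(qname))
        responses[bucket] += 1
        if responses[bucket] <= responses_per_second:
            actions.append((qname, "respond"))
            continue
        limited[bucket] += 1
        # slip N: every Nth rate-limited reply is truncated rather than dropped
        if slip and limited[bucket] % slip == 0:
            actions.append((qname, "slip"))
        else:
            actions.append((qname, "drop"))
    return actions

def tally(actions):
    """Summarise actions, e.g. {'respond': 6, 'drop': 1, 'slip': 1}."""
    counts = defaultdict(int)
    for _, action in actions:
        counts[action] += 1
    return dict(counts)
```

With a limit of 5 responses per second, zone keying rate-limits two of the eight lookups from the single client while qname keying answers all of them; setting slip to 1 turns the dropped replies into truncated ones, which is why the post expects that combination to be workable.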