[ratelimits] rate limiting recursive server
vjs at rhyolite.com
Thu May 9 14:34:40 UTC 2013
> From: Bob Harold <rharolde at umich.edu>
> If I open a browser (that I think does local caching) and go to "hp.com"
> note that for example a query for "h10120.www1.hp.com" is seen by RRL as
> another of many queries for "hp.com", and gets rate-limited:
> 09-May-2013 10:01:48.165 queries: info: client MY-IP#55435: query:
> h10120.www1.hp.com IN A + (MY-DNS)
> 09-May-2013 10:01:48.165 queries: info: client MY-IP#55435: drop referral
> to 18.104.22.168/24 for hp.com IN A (000030ec)
Why is your recursive resolver responding with a referral instead
of recursing to get the real answer?
Which browser resolves domain names with RD=0?
Why don't those DNS caching browsers cache the NS and A RRs for hp.com
from the first referral?
> If I could fix it so that RRL is based on the actual query, or the complete
> response, being the same, then it would probably work reasonably for a
> recursive server, with caching clients.
RRL is based on the complete response. The second 'R' in "RRL"
stands for "response." The responses to `dig +norec asdf1.hp.com`,
`dig +norec asdf2.hp.com`, and `dig +norec asdf3.hp.com` are the same.
Vernon Schryver vjs at rhyolite.com
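
Added example, not part of the original message and not BIND code: a Python script that reads log lines in the format quoted above, pairs each RRL drop with the preceding query from the same client and port, and groups the dropped query names by the response RRL counted. The sample log is constructed (documentation addresses, made-up hex ids), and the function and variable names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the message above.
SAMPLE_LOG = """\
09-May-2013 10:01:48.101 queries: info: client 192.0.2.10#55431: query: www.hp.com IN A + (198.51.100.53)
09-May-2013 10:01:48.165 queries: info: client 192.0.2.10#55435: query: h10120.www1.hp.com IN A + (198.51.100.53)
09-May-2013 10:01:48.165 queries: info: client 192.0.2.10#55435: drop referral to 192.0.2.0/24 for hp.com IN A (0000aaaa)
09-May-2013 10:01:48.170 queries: info: client 192.0.2.10#55436: query: h20000.www2.hp.com IN A + (198.51.100.53)
09-May-2013 10:01:48.170 queries: info: client 192.0.2.10#55436: drop referral to 192.0.2.0/24 for hp.com IN A (0000aaaa)
09-May-2013 10:01:48.180 queries: info: client 192.0.2.77#40001: query: welcome.hp.com IN A + (198.51.100.53)
09-May-2013 10:01:48.180 queries: info: client 192.0.2.77#40001: drop referral to 192.0.2.0/24 for hp.com IN A (0000aaaa)
"""

QUERY_RE = re.compile(
    r"client (?P<client>\S+)#(?P<port>\d+): query: (?P<qname>\S+) IN (?P<qtype>\S+)")
DROP_RE = re.compile(
    r"client (?P<client>\S+)#(?P<port>\d+): drop (?P<kind>.+?) to (?P<block>\S+)"
    r" for (?P<name>\S+) IN (?P<qtype>\S+)")

def group_drops(log_text):
    """Map (client block, response kind, name, type) -> dropped query names."""
    last_query = {}              # (client, port) -> most recent qname seen
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        q = QUERY_RE.search(line)
        if q:
            last_query[(q["client"], q["port"])] = q["qname"]
            continue
        d = DROP_RE.search(line)
        if d:
            # The drop line names the response that was counted, not the qname.
            key = (d["block"], d["kind"], d["name"], d["qtype"])
            buckets[key].append(last_query.get((d["client"], d["port"]), "?"))
    return dict(buckets)

def shared_buckets(buckets):
    """Buckets in which more than one distinct query name was dropped."""
    return {k: sorted(set(v)) for k, v in buckets.items() if len(set(v)) > 1}

if __name__ == "__main__":
    for key, qnames in shared_buckets(group_drops(SAMPLE_LOG)).items():
        print(key, "<-", ", ".join(qnames))
```

A bucket that lists several different query names under one "referral ... for hp.com" entry is the situation described above: the queries differ, but the response being counted is the same.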