[ratelimits] Logging category

Masato Minda minmin at jprs.co.jp
Mon May 13 09:02:54 UTC 2013


Dear Vernon-san;

Thank you for great work for ratelimit.

On 2013/05/09 5:26, Vernon Schryver wrote:
> 
> Responses that are slipped ro dropped are logged in "queries"
> category at the "info" level.  That is the same category and level
> at which the query itself and any other errors are logged.  Rate
> limit dispositions should no more than double the noise in the
> "queries" category.   If the "queries" category is too busy (it
> often is), consider turning of query logging.

We (.jp) have probrem in this feature.

a.dns.jp and g.dns.jp (.jp's NS) are logging and archiving querylog
always in a long time. (since 2004, of course, we need huge storage.)
And we are using the log for researching and analyzing the state of DNS.
Latest work is in the OARC Spring 2013 Workshop.

  "Increasing DS queries for JP DNS servers
     and a proposal for its countermeasures"

https://indico.dns-oarc.net/indico/conferenceOtherViews.py?view=standard&confId=0

During reflector attack, the querylog is increased. But state of RRL,
drop and stop are more increased of querylog. We would like to record a
querylog in reflector attack. However, we do not want to record the
state of RRL on the same querylog. It is the last option that we stop a
querylog. We want on/off feature of the state of RRL or logging
different from a queries category.

Regards.

--
Masato minmin Minda <minmin at jprs.co.jp>
Japan Registry Services Co., Ltd. (JPRS)




More information about the ratelimits mailing list