[ratelimits] results of responses/sec, slip and window size settings

Vernon Schryver vjs at rhyolite.com
Tue May 14 22:41:15 UTC 2013


> From: =?ISO-8859-1?Q?Gergely_B=E1cskai?= <mor.mango at gmail.com>

> >From this info I think the "query/sec" was low because of my virtualbox,
> but I'm not sure about this..
>
> ...but this should not affect the count of success/failure.

On the contrary, an RRL test of 1000 identical queries sent at
1000 qps should have different numbers of dropped and slipped responses
compared to a test of the same 1000 queries sent at 0.1 qps.
The results of the RRL test in bin/tests/system/rrl/tests.sh
(see bin/tests/system/README) are ignored by default because they
sometimes fail on slower or busy systems.  A slow or busy system can
fail to send the bursts of queries fast enough to provoke as much
rate limiting as one might expect.


> I have set the logging in my BIND server, but the only log related to RRL I
> could find is in the "/var/log/named/bind-queries.log"

Please consider the concurrent discussion of RRL logging in this
mailing list.  Please also consider something like this:

        channel rrl-log {
                file "/var/log/named/rrl.log" versions 10 size 10m;
                print-category yes;
                print-severity yes;
                print-time yes;
                severity debug 3;
        };
        category queries { rrl-log; };
        category query-errors { rrl-log; };
        category rate-limit { rrl-log; };

Or perhaps "severity debug 4" or even "severity debug 9"

That will give more then enough information to see whether each
response should have been and was sent, slipped, or dropped.


> (Or maybe could anybody suggest a method that I can use to get the
> "expected" results of the mentioned RRL-settings?)

It is not an accident or oversight that the rrl tests in
bin/tests/system/rrl/tests.sh do not use queryperf.  Queryperf is a
fine tool for its intended purposes, but I do not think those purposes
include fine grain RRL testing.  I'm not proud of the `dig` kludge in
rrl/tests.sh, but I think it works better than queryperf.


Vernon Schryver    vjs at rhyolite.com


More information about the ratelimits mailing list