[ratelimits] RRL on CHAOS class?
vjs at rhyolite.com
Wed Sep 11 14:42:00 UTC 2013
> From: "Marco Davids (SIDN)" <marco.davids at sidn.nl>
> From a few tests I just did, it seems to me that RRL (on BIND
> 9.9.1-vjs163.18-P1) does not work on the CHAOS class.
> A 'dig ch ANY authors.bind' doesn't seem to be rate limited.
> Because it results in a slight amplification factor of about 6, I wonder
> if this was overlooked (or if I have overlooked something).
I added rate limiting to the built-in chaos class in very early versions
of the RRL patches without mentioning it in public because of exactly
that issue with authors.bind.
Without searching ancient, offline backups, I can't say whether
9.9.1-vjs163.18-P1 limited the built-in bind zone. My guess is that
it did, but that is merely an optimistic guess. If it did not,
there is no likelihood that I would build a new patch for 9.9.1.
After the first RRL version that limited the bind zone, I doubled
the built-in limit because some people complained that the limit
squelching answers for the version record was too low. They then
found the doubled limit still too low.
In some mailing list, I don't remember whether it was this one,
bind-users, or another, frequent questions and answers have been about
overriding the built-in bind zone contents and configuration including
RRL limits. They are about the version record instead of the authors
record, but the mechanism is the same. Simply define your own bind zone
with the records and configuration parameters you prefer.
Questions such as this should probably be directed to ISC, perhaps
via one of the mailboxes mentioned on https://www.isc.org/downloads/bind/
RRL is in BIND 9.9.4 as a ./configure option, and so I have at most
indirect influence on future RRL features and bug fixes.
Vernon Schryver vjs at rhyolite.com
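
The override described in the message above (your own bind zone with its own RRL limits), sketched as an added example that is not part of the original post or of BIND's shipped configuration. The limit values, the file name db.bind and the zone contents are assumptions to adapt.

```conf
// named.conf fragment (constructed example; limit values and file name are assumptions)
view "chaos" chaos {
    match-clients { any; };
    recursion no;

    // RRL settings that apply to this CHAOS view only; tune to your own traffic
    rate-limit {
        responses-per-second 3;
        window 5;
    };

    // An explicit "bind" zone of class CHAOS replaces the built-in one
    // (version.bind, authors.bind, hostname.bind)
    zone "bind" chaos {
        type master;
        file "db.bind";
    };
};

// db.bind, holding only the records you choose to publish:
//   $TTL 1D
//   @        CH SOA localhost. root.localhost. ( 1 1D 1H 1W 1D )
//   @        CH NS  localhost.
//   version  CH TXT "unknown"
```

Once any view is defined, every zone in named.conf has to live inside a view, so existing IN-class zones need a view of their own. Leaving the authors record out of db.bind means the name no longer returns the large answer mentioned in the quoted question.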