[ratelimits] rrl in the nominet blog

Paul Vixie paul at redbarn.org
Thu Jun 30 05:44:38 UTC 2016

<<One outstanding question for us is why didn’t response rate limiting 
(RRL) kick in? The nameserver involved was apparently configured to do 
this limiting, and each error response should have contributed to it 
being triggered. The nature of this event means that even dropping a 
single response would be enough to stop it in its tracks. Sure enough, 
it was determined that RRL was not correctly configured at that time. We 
now have it running and occasionally we see short bursts of this 
behaviour; but they do not have the chance to develop to the scale seen 
here before the RRL kicks in.>>


P Vixie

More information about the ratelimits mailing list