Re: DNS_RRL_MAX_RATE defines 1000

From Tony Finch <dot@dotat.at>
Newsgroups comp.protocols.dns.bind
Subject Re: DNS_RRL_MAX_RATE defines 1000
Date 2020-07-09 19:11 +0100
Message-ID <mailman.686.1594318279.942.bind-users@lists.isc.org> (permalink)
References <f498fc56-e9f9-43a7-96f9-a85623fb1505@Spark> <b450df44-f9dd-4abd-a178-b816eb5cb28e@Spark> <alpine.DEB.2.20.2007081639280.9145@grey.csi.cam.ac.uk> <4633dc0e-7ad1-45f8-a0c0-351e08ad05d3@Spark> <alpine.DEB.2.20.2007091906130.29885@grey.csi.cam.ac.uk>



Zhiyong Cheng <chengzhycn@gmail.com> wrote:
>
> We are using named cluster in our internal network as the authoritative
> DNS. So there are no cache servers between clients and named cluster.
> Maybe we should add one but it is just another story.

Sorry, I wasn't completely clear: I was not saying that your authoritative
servers should have a cache. I was saying that all the legitimate clients
of your servers (the resolvers at ISPs around the Internet) have caches.

> To my mind the RRL should not limit queries with different qnames from
> the same client. So is it my misunderstanding or wrong config?

If you are querying for nonexistent names then RRL will treat the NXDOMAIN
responses as equivalent, so it will rate-limit them. RRL limits responses,
not queries. You can configure a different `nxdomains-per-second` limit if
you want.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Rockall, Malin: Northwest 4 or 5. Moderate. Showers. Good.
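
A simplified model of the bucketing described in the reply above, added here as an illustration; it is not code from BIND or from the post. It assumes a fixed one-second window instead of BIND's credit accounting, and the zone name, client address and limit values are constructed samples.

```python
import ipaddress
from collections import Counter

IPV4_PREFIX_LENGTH = 24  # BIND's default ipv4-prefix-length


def bucket_key(client_ip, rcode, qname, qtype, zone):
    """Return the key under which this model counts a response."""
    net = ipaddress.ip_network(f"{client_ip}/{IPV4_PREFIX_LENGTH}", strict=False)
    if rcode == "NXDOMAIN":
        # Every nonexistent name under a zone counts as the same response,
        # so the qname and qtype are not part of the key.
        return (str(net), "NXDOMAIN", zone)
    return (str(net), rcode, qname.lower(), qtype)


def limit_for(key, limits):
    """Pick the rate-limit option that applies to a bucket."""
    if key[1] == "NXDOMAIN":
        return limits["nxdomains-per-second"]
    return limits["responses-per-second"]


def simulate_one_second(responses, limits):
    """Return (sent, limited) for responses generated within one second."""
    seen = Counter()
    sent = limited = 0
    for response in responses:
        key = bucket_key(*response)
        seen[key] += 1
        if seen[key] <= limit_for(key, limits):
            sent += 1
        else:
            limited += 1  # dropped or slipped (truncated) by a real server
    return sent, limited


# Constructed sample: one client, 20 distinct missing names and 20 distinct
# existing names, all in the same zone.
ZONE = "corp.example"
CLIENT = "192.0.2.10"
LIMITS = {"responses-per-second": 5, "nxdomains-per-second": 5}
MISSING = [(CLIENT, "NXDOMAIN", f"nohost{i}.{ZONE}", "A", ZONE) for i in range(20)]
EXISTING = [(CLIENT, "NOERROR", f"host{i}.{ZONE}", "A", ZONE) for i in range(20)]

if __name__ == "__main__":
    print("NXDOMAIN (sent, limited):", simulate_one_second(MISSING, LIMITS))
    print("NOERROR  (sent, limited):", simulate_one_second(EXISTING, LIMITS))
```

Distinct existing names each get their own bucket and pass, while distinct nonexistent names share one bucket per client netblock and zone, which is why raising `nxdomains-per-second` changes the outcome.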
