I've tested several "window"-values (5-3600) with fast-querying the
nameserver from one single client with always the same query. As
explained by Tony the "window" means the time, which the client must
wait, after he stops fast-querying the nameserver while he was
successfully dropped.
In my tests, I never had to wait for about more than about 5s.
I've configured rate-limits like this:
rate-limit {
responses-per-second 5;
slip 0;
window 5;
log-only no; };
Could someone explain the problem here? Why do I never have to wait
longer than about 5s until I'm able to query the nameserver from the
unique client with the same query again?
Many thanks.
Kind regards,
Tom
On 03/27/2017 11:33 AM, Tony Finch wrote:
Tom <tomtux...@gmail.com> wrote:
Can someone explain the behaviour of "window" in the rate-limit-context?
It basically determines the time after a client that was querying very
fast but then stopped is allowed to receive responses again.
When a client repeats a query, its counter is decremented until it reaches
the minimum `-1 * window * responses-per-second`. Its counter is
incremented by `responses-per-second` each second, so after the client
stops querying it will be `window` seconds before the counter becomes
positive which means the client is allowed to receive responses again.
Tony.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
