Probably best to ask Paul Vixie for confirmation<GRIN>.

I had implemented RRL when it was still an addon and that was what was documented back then.

On 12/1/20 10:15 AM, Karl Pielorz wrote:

--On 1 December 2020 at 08:24:50 -0600 Lyle Giese <l...@lcrcomputer.net> wrote:

You need to look at the reply named sends when it trips and starts
limiting UDP traffic sourced from a given IP address.  It tells the
requestor to try again using TCP instead of UDP.

So if the requestor is a legit DNS server, it will retry using TCP and
still get a valid answer.

Named does not blindly just drop traffic.

Hmmm, I thought it did for RRL limit hits? (i.e. that's the point - to stop sending responses).

Documentation for rate-limit seemed a bit patchy, e.g. KB aa-00994 references "See ARM 6.2.15" - which doesn't exist. In fact a lot of the KB documents reference BIND 9.9 - and things have moved on.

But I can see it's better explained in the current ARM / Section 4.2.14.19 now.

In fact, that entry also covers/says "Legitimate clients react to dropped or truncated response by retrying with UDP or with TCP respectively" - looks like it documents where these are in stats as well (RateDropped / QryDropped et al.) - so I think I'm good to go.

-Karl
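A named.conf rate-limit block that makes the drop-versus-truncate behaviour discussed above explicit; this is an added example, not configuration posted in this thread, and the rates and the exempt addresses are placeholders to be tuned per deployment.

```conf
options {
    // ... other options ...
    rate-limit {
        // Identical responses (same name, type, class) to one client
        // network above this rate are rate limited.
        responses-per-second 10;
        // REFUSED/SERVFAIL and NXDOMAIN responses are limited separately;
        // these are the usual bait for reflection traffic.
        errors-per-second 5;
        nxdomains-per-second 5;
        // Clients are grouped by /24 (IPv4) and /56 (IPv6) prefix.
        ipv4-prefix-length 24;
        ipv6-prefix-length 56;
        // The answer to "does named just drop?": of every `slip` responses
        // that would be dropped, one is instead sent as a small truncated
        // (TC=1) response, which a legitimate client follows up over TCP.
        // slip 0 would drop everything silently; slip 1 truncates every one.
        slip 2;
        // Measurement window in seconds for the per-second rates above.
        window 15;
        // Never rate limit our own secondaries (placeholder addresses).
        exempt-clients { 192.0.2.53; 2001:db8::53; };
        // For a staged rollout: log what would be limited, but limit nothing.
        // log-only yes;
    };
};
```

Dropped and truncated responses show up in the server statistics as the RateDropped and RateSlipped counters, so the ratio between them confirms the configured slip is taking effect.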

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.
