Vernon Schryver <[email protected]> wrote:
>
> The second issue concerns log noise and the popular enthusiasm for
> using Bloom filters for DNS response rate limiting. I've heard more
> than one suggestion for using Bloom filters for DNS response rate
> limiting. Bloom filters are a great idea for some things but I think
> they are a problem instead of a solution here.

They might turn out to be part of a solution. The reason I'm basing my work on a Bloom filter is to avoid any per-client scaling costs. There's a fixed per-packet overhead, a fixed memory cost (which should be scaled with the server's overall load), and a fairly cheap periodic cleaning task. No dynamic memory allocation.

Your operational criticisms of the probabilistic approach are quite correct. It may also turn out to cost too much to get an acceptably low false positive rate. But, it might be worth putting a smallish Bloom filter in front of an accurate traffic accounting system, so that the server only needs to spend resources tracking the heaviest users, along the lines described in http://pages.cs.wisc.edu/~estan/publications/elephantsandmice.pdf

Thanks for your informative messages!

Tony.
-- 
f.anthony.n.finch <[email protected]> http://dotat.at/
Biscay, FitzRoy: Cyclonic 4 or 5 at first in north, otherwise westerly or northwesterly 6 or 7, decreasing 4 or 5. Moderate or rough. Thundery showers. Moderate or good.
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
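
The arrangement described in the message above (a small fixed-size filter in front of exact accounting, with a periodic cleaning pass) can be sketched in C. This is an added example, not code from the message or from any DNS server; the stage count, sizes, threshold, seeds, hash and function names are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STAGES    4     /* independent hash stages (assumed) */
#define SLOTS     1024  /* counters per stage: fixed memory, sized to server load */
#define THRESHOLD 16    /* responses per window before exact tracking (assumed) */
#define HEAVY_MAX 64    /* capacity of the exact table (assumed) */
static uint16_t filter[STAGES][SLOTS];   /* counting pre-filter, no allocation */
static struct { uint32_t addr, count; } heavy[HEAVY_MAX];  /* exact accounting */
static unsigned nheavy;
/* Constructed seeds; a real server would draw them at random at startup. */
static const uint32_t seed[STAGES] = {0x9e3779b9u, 0x7f4a7c15u, 0x85ebca6bu, 0xc2b2ae35u};

/* murmur3 32-bit finalizer, used here as a stand-in mixing function */
static uint32_t mix(uint32_t x) {
    x ^= x >> 16; x *= 0x85ebca6bu;
    x ^= x >> 13; x *= 0xc2b2ae35u;
    return x ^ (x >> 16);
}

/* Account one response sent to addr (IPv4, host order). Returns the client's
 * count once it is tracked exactly, 0 while it is only in the pre-filter. */
unsigned account(uint32_t addr) {
    for (unsigned i = 0; i < nheavy; i++)          /* linear scan keeps it short */
        if (heavy[i].addr == addr) return ++heavy[i].count;
    unsigned min = UINT16_MAX;
    for (unsigned s = 0; s < STAGES; s++) {
        uint16_t *c = &filter[s][mix(addr ^ seed[s]) % SLOTS];
        if (*c < UINT16_MAX) ++*c;                 /* saturate, never wrap */
        if (*c < min) min = *c;
    }
    /* Promote only a client whose counter is high in every stage. */
    if (min < THRESHOLD || nheavy == HEAVY_MAX) return 0;
    heavy[nheavy].addr = addr;
    heavy[nheavy++].count = min;                   /* upper bound on true count */
    return min;
}

unsigned tracked(void) { return nheavy; }
/* Periodic cleaning: constant work, starts a new accounting window. */
void clean(void) { memset(filter, 0, sizeof filter); nheavy = 0; }

int main(void) {  /* constructed traffic: one heavy client, 500 light ones */
    for (int i = 0; i < 100; i++) account(0xC0000201u);
    for (uint32_t i = 0; i < 500; i++) account(0xC6120000u + i);
    printf("tracked exactly: %u of 501 clients\n", tracked());
    return 0;
}
```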
