On 22/07/2019 09.25, Jacob Bunk Nielsen wrote:
I've been reading up on the documentation for MaxQPSIPRule() which you can use to implement rate limits on DNS queries. A very nice feature.

It has a burst option which will allow clients to have bursts of queries, but it's not very clear to me exactly what it means. The documentation says:

"*burst*(/int/) – The number of burstable queries per second allowed. Default is same as qps"

I tried to have a quick view of the code and now understand this wording better, I think.

So let's say I create a rule like:

addAction(MaxQPSIPRule(5, 32, 64, 10), DelayAction(100))

This should delay any queries that exceed 5 per second with a burst of 10 allowed.

As I read the code, this would allow 10 queries as fast as you could send them for every second. So that would effectively mean a rate limit of 10 QPS and not 5, so it never makes sense to set burst higher than the allowed rate. That rule would make much more sense like:

addAction(MaxQPSIPRule(5, 32, 64, 3), DelayAction(100))

Which would mean rate limiting to 5 QPS, but allow the first 3 as fast as you want.

Did I get this right?

Best regards,


dnsdist mailing list

Reply via email to