I'm trying RRL on the new BIND 9.9.4. When RRL steps in, if I understand the documentation properly, two things are logged, a summary of the beginning and end of RRL, and one message per rejected query (!) Since RRL is used when there is an attack, there are *many* such messages. Worse, the default behavior of BIND aggravates the attack by filling the disk.
>From the ARM, I find no way to prevent these annoying messages, except shutting down all query errors logging. Here is my best config so far: logging { channel rrl_channel { file "rrl.log" versions 3 size 10m; print-time yes; print-category yes; }; # Prints begin and end of rate-limiting category rate-limit { rrl_channel; }; # Individual requests rejected category query-errors { null; }; }; But it is too harsh, since all query errors are sent to null. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users