Re: Rate-Limit Question
2013/6/15 Vernon Schryver :
>> From: Drunkard Zhang
>
>> Great patchset, and I found this docs will be in ARM:
>>
>> [ rate-limit {
>> [ responses-per-second number ; ]
>> [ referrals-per-second number ; ]
>> [ nodata-per-second number ; ]
>> [ nxdomains-per-second number ; ]
>> [ errors-per-second number ; ]
>> [ all-per-second number ; ]
>> [ window number ; ]
>> [ log-only yes_or_no ; ]
>> [ qps-scale number ; ]
>> [ ipv4-prefix-length number ; ]
>> [ ipv6-prefix-length number ; ]
>> [ slip number ; ]
>> [ exempt-clients { address_match_list } ; ]
>> [ max-table-size number ; ]
>> [ min-table-size number ; ]
>> } ; ]
>>
>> I wondering if all these functions are implemented?
>
> Yes, of course. Why do you ask? Have you found something missing?
> If so, are you using the version of the patch that corresponds to
> the ARM text?
>
Thanks, it is what I'm looking forward, except domain scale rate-limit.
I have to make sure of this, because bind keep silent on some
deprecated options, I'm not sure if this patch did the same. Sorry for
interrupt ;)
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Rate-Limit Question
> From: Drunkard Zhang
> Great patchset, and I found this docs will be in ARM:
>
> [ rate-limit {
> [ responses-per-second number ; ]
> [ referrals-per-second number ; ]
> [ nodata-per-second number ; ]
> [ nxdomains-per-second number ; ]
> [ errors-per-second number ; ]
> [ all-per-second number ; ]
> [ window number ; ]
> [ log-only yes_or_no ; ]
> [ qps-scale number ; ]
> [ ipv4-prefix-length number ; ]
> [ ipv6-prefix-length number ; ]
> [ slip number ; ]
> [ exempt-clients { address_match_list } ; ]
> [ max-table-size number ; ]
> [ min-table-size number ; ]
> } ; ]
>
> I wondering if all these functions are implemented?
Yes, of course. Why do you ask? Have you found something missing?
If so, are you using the version of the patch that corresponds to
the ARM text?
If there is another version of the patches, I should change the
script that generates that ARM HTML text from the XML patches to add
a date and perhaps extract some version numbers.
Vernon Schryverv...@rhyolite.com
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Rate-Limit Question
2013/6/14 Phil Mayers :
> On 14/06/13 15:27, Manson, John wrote:
>>
>> We are running Bind 9.9.2 and would like to invoke the rate-limit option
>> but named says ‘unknown option’.
>>
>> Do we need to upgrade bind to get this option?
>
>
> You need to apply the patches here:
>
> http://ss.vix.su/~vjs/rrlrpz.html
>
Great patchset, and I found this docs will be in ARM:
[ rate-limit {
[ responses-per-second number ; ]
[ referrals-per-second number ; ]
[ nodata-per-second number ; ]
[ nxdomains-per-second number ; ]
[ errors-per-second number ; ]
[ all-per-second number ; ]
[ window number ; ]
[ log-only yes_or_no ; ]
[ qps-scale number ; ]
[ ipv4-prefix-length number ; ]
[ ipv6-prefix-length number ; ]
[ slip number ; ]
[ exempt-clients { address_match_list } ; ]
[ max-table-size number ; ]
[ min-table-size number ; ]
} ; ]
I wondering if all these functions are implemented? Thanks for your reply :)
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: [BIND-USERS] Re: Rate-Limit Question
Thank you. This is great news. Jerry On 06/14/13 11:08 AM, Evan Hunt wrote: On Fri, Jun 14, 2013 at 03:36:19PM +0100, Phil Mayers wrote: It's not built into bind (yet). Correct. For the record, it'll be in 9.10.0 by default and 9.9.4 as a compile-time option (--enable-rrl). (Our usual policy is not to add substantial new features in maintenance releases like 9.9.4; making it a compile-time option that defaults to off is our way of tiptoeing around the rule.) ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Rate-Limit Question
On 06/14/2013 09:08 AM, Evan Hunt wrote: (Our usual policy is not to add substantial new features in maintenance releases like 9.9.4; making it a compile-time option that defaults to off is our way of tiptoeing around the rule.) Quite reasonable, and much appreciated. :) ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Rate-Limit Question
On Jun 14 2013, Evan Hunt wrote: On Fri, Jun 14, 2013 at 03:36:19PM +0100, Phil Mayers wrote: It's not built into bind (yet). Correct. For the record, it'll be in 9.10.0 by default and 9.9.4 as a compile-time option (--enable-rrl). The latter is particularly good news in view of the ESV status of the BIND 9.9 series. -- Chris Thompson Email: c...@cam.ac.uk ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Rate-Limit Question
tks !! On 6/14/13 1:21 PM, Evan Hunt wrote: > On Fri, Jun 14, 2013 at 01:10:47PM -0300, Carlos M. Martinez wrote: >> thanks for the heads up. Do you have a estimated time of release for >> 9.9.4 and 9.9.10 ? > Every time I make predictions about dates, events conspire to make > me wrong, but I'm *hoping* to have 9.9.4 out in early August. > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Rate-Limit Question
On Fri, Jun 14, 2013 at 01:10:47PM -0300, Carlos M. Martinez wrote: > thanks for the heads up. Do you have a estimated time of release for > 9.9.4 and 9.9.10 ? Every time I make predictions about dates, events conspire to make me wrong, but I'm *hoping* to have 9.9.4 out in early August. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Rate-Limit Question
> Or, I believe, you can pay for a BIND^w DNS-Co subscription and download > a version with the magic built in? This is also true. DNSco subscribers get first bite at the apple with this and several other features that will be in 9.10. (Primarily GeoIP support, DSCP, and some enhancements to DLZ.) > Or you can wait until some time in the future when it gets integrated > into the base BIND. About which see my previous message. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Rate-Limit Question
On Jun 14, 2013, at 12:08 PM, Evan Hunt wrote: > On Fri, Jun 14, 2013 at 03:36:19PM +0100, Phil Mayers wrote: >> It's not built into bind (yet). > > Correct. For the record, it'll be in 9.10.0 by default and 9.9.4 as a > compile-time option (--enable-rrl). Thank you for the clarification. Looking forward to the release of 9.9.4 W > > (Our usual policy is not to add substantial new features in maintenance > releases like 9.9.4; making it a compile-time option that defaults to off > is our way of tiptoeing around the rule.) > > -- > Evan Hunt -- e...@isc.org > Internet Systems Consortium, Inc. > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- "Real children don't go hoppity-skip unless they are on drugs." -- Susan, the ultimate sensible governess (Terry Pratchett, Hogfather) ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Rate-Limit Question
Evan, thanks for the heads up. Do you have a estimated time of release for 9.9.4 and 9.9.10 ? Warm regards, ~Carlos On 6/14/13 1:08 PM, Evan Hunt wrote: > On Fri, Jun 14, 2013 at 03:36:19PM +0100, Phil Mayers wrote: >> It's not built into bind (yet). > > Correct. For the record, it'll be in 9.10.0 by default and 9.9.4 as a > compile-time option (--enable-rrl). > > (Our usual policy is not to add substantial new features in maintenance > releases like 9.9.4; making it a compile-time option that defaults to off > is our way of tiptoeing around the rule.) > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Rate-Limit Question
On Fri, Jun 14, 2013 at 03:36:19PM +0100, Phil Mayers wrote: > It's not built into bind (yet). Correct. For the record, it'll be in 9.10.0 by default and 9.9.4 as a compile-time option (--enable-rrl). (Our usual policy is not to add substantial new features in maintenance releases like 9.9.4; making it a compile-time option that defaults to off is our way of tiptoeing around the rule.) -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Rate-Limit Question
On Jun 14, 2013, at 10:37 AM, Stephane Bortzmeyer wrote: > On Fri, Jun 14, 2013 at 02:27:50PM +, > Manson, John wrote > a message of 138 lines which said: > >> We are running Bind 9.9.2 and would like to invoke the rate-limit >> option but named says 'unknown option'. > > RRL (Response Rate Limiting) is an unofficial patch. You'll have to > patch the source first. Yup, this is easy. Or, I believe, you can pay for a BIND^w DNS-Co subscription and download a version with the magic built in… Or you can wait until some time in the future when it gets integrated into the base BIND. W > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- "Real children don't go hoppity-skip unless they are on drugs." -- Susan, the ultimate sensible governess (Terry Pratchett, Hogfather) ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Rate-Limit Question
On Fri, Jun 14, 2013 at 02:27:50PM +, Manson, John wrote a message of 138 lines which said: > We are running Bind 9.9.2 and would like to invoke the rate-limit > option but named says 'unknown option'. RRL (Response Rate Limiting) is an unofficial patch. You'll have to patch the source first. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Rate-Limit Question
On 14/06/13 15:27, Manson, John wrote: We are running Bind 9.9.2 and would like to invoke the rate-limit option but named says ‘unknown option’. Do we need to upgrade bind to get this option? You need to apply the patches here: http://ss.vix.su/~vjs/rrlrpz.html It's not built into bind (yet). ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Rate-Limit Question
You need to patch your 9.9.2 source code and recompile. Take a look at:
http://www.redbarn.org/dns/ratelimits
cheers,
~Carlos
On 6/14/13 11:27 AM, Manson, John wrote:
> We are running Bind 9.9.2 and would like to invoke the rate-limit option
> but named says ‘unknown option’.
>
> Do we need to upgrade bind to get this option?
>
> Using this syntax:
>
> rate-limit { responses-per-second 5; window 5; };
>
> Thanks
>
>
>
>
>
> John Manson
>
> US House of Representatives
>
> CAO/HIR/NAF/Data-Communications
>
> Senior Network Communications Specialist
>
> Desk: 202-226-4244
>
> NCC: 202-226-6430
>
>
>
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Rate-Limit Question
We are running Bind 9.9.2 and would like to invoke the rate-limit option but
named says 'unknown option'.
Do we need to upgrade bind to get this option?
Using this syntax:
rate-limit { responses-per-second 5; window 5; };
Thanks
John Manson
US House of Representatives
CAO/HIR/NAF/Data-Communications
Senior Network Communications Specialist
Desk: 202-226-4244
NCC: 202-226-6430
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
