Hi,

> 1) Mimic what's common in the "networking world", allowing to configure a
> (higher) burst limit, could be a way of allowing bursty clients to finish all
> lookups without getting slowed down by dropped queries.

I like this idea:) I observe a lot of clients that send a lot of queries in the first second of data transmission. A perfect solution (for me;) would be:

If an IP sends more than X queries in Y seconds, deny all queries from this IP for Z seconds.

Example of my use case:

second 1: Regular Client: 80qps
second 2: Regular Client: 10qps
second 3: Regular Client: 5qps
second 4: Regular Client: 4qps
second 5: Regular Client: 3qps

second 1: Malicious Client: 50qps
second 2: Malicious Client: 50qps
second 3: Malicious Client: 50qps
second 4: Malicious Client: 50qps
second 5: Malicious Client: 50qps

ip-ratelimit 40 might be perfect for the malicious client, but it impacts the regular client experience. Even measuring the number of queries for two seconds (instead of 1) would make a huge improvement.

BR
M
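An added example, not part of the original message and not the resolver's own code: a small simulation that runs the two traffic profiles above through a per-second cap of 40 and through the proposed "more than X queries in Y seconds, deny for Z seconds" rule. The values X=120, Y=3, Z=5 and the exact window semantics are assumptions chosen for illustration, and the per-second cap is a simplified model of ip-ratelimit.

```python
from collections import deque

# Traffic profiles from the message above, in queries per second.
REGULAR = [80, 10, 5, 4, 3]
MALICIOUS = [50, 50, 50, 50, 50]


def per_second_limit(rates, limit):
    """Queries dropped each second under a fixed per-second cap
    (simplified model of 'ip-ratelimit 40')."""
    return [max(0, qps - limit) for qps in rates]


def window_block(rates, x, y, z):
    """Queries dropped each second under the proposed rule.

    Assumed semantics: the window counts every query received in the
    last y seconds (current second included). When that count exceeds x,
    the excess in the current second is dropped and everything from this
    IP is dropped for the following z seconds.
    """
    window = deque(maxlen=y)   # received counts for the last y seconds
    blocked_until = -1         # index of the last second of the deny period
    drops = []
    for t, qps in enumerate(rates):
        window.append(qps)     # blocked traffic still counts as received
        if t <= blocked_until:
            drops.append(qps)
            continue
        excess = sum(window) - x
        if excess > 0:
            drops.append(min(qps, excess))
            blocked_until = t + z
        else:
            drops.append(0)
    return drops


if __name__ == "__main__":
    X, Y, Z = 120, 3, 5        # constructed values, not from the message
    for name, rates in (("regular", REGULAR), ("malicious", MALICIOUS)):
        print(name, "per-second cap 40:", per_second_limit(rates, 40))
        print(name, "window rule      :", window_block(rates, X, Y, Z))
```

With a two-second window the regular client peaks at 90 queries and the sustained client at 100, so the threshold would have to sit between those two numbers; a three-second window separates them more widely (95 versus 150).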
