Rate-limiting - working? How to test?

Rich Goodson rgoodson at gronkulator.com
Fri Jan 17 14:22:47 UTC 2014


John,

"log-only yes;"

is the reason you are not seeing any rate limiting.  You are telling your server not to actually do any rate limiting, just to log what it would have done.  You didn’t post any more of your named.conf, but I would assume you don’t have any logging set up for rate limiting, so you don’t see any of that either.

You need a rate-limit log stanza to see rate limiting information (rate limiting from IP address, no longer limiting from IP address, etc), and the individual queries that are not responded to are logged either in your querylog or query-errors (can’t remember which off the top of my head).

-Rich

On Jan 17, 2014, at 7:34 AM, John Horne <john.horne at plymouth.ac.uk> wrote:

> Hello,
> 
> I have BIND 9.9.4 installed on a server, and have included in the global options:
> 
>        rate-limit { responses-per-second 5;
>                          log-only yes;
>        };
> 
> However, if I run from a client:
> 
>        for n in `seq 1 10`; do dig +short jhorne.csd.plymouth.ac.uk a @141.163.66.138; done
> 
> I get 10 correct responses. The query log file on the server shows that 10 queries were received:
> 
>       17-Jan-2014 13:20:43.662 client 141.163.66.139#55184 (jhorne.csd.plymouth.ac.uk): view plymouth-only: query: jhorne.csd.plymouth.ac.uk IN A + (141.163.66.138)
> 
> (The other 9 log entries are the same, except for the milliseconds increasing slightly.)
> 
> It's Friday afternoon, so I'm probably missing something obvious :-) I cannot see why all the queries were responded to, I expected some queries to timeout and something to be logged (none of the other bind logs contain anything about rate limiting).
> 
> 
> 
> Thanks,
> 
> John.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4154 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140117/27898bf7/attachment.bin>


More information about the bind-users mailing list