RRL active by default?

Lawrence K. Chen, P.Eng. lkchen at ksu.edu
Thu May 1 22:10:50 UTC 2014


Does compiling in RRL mean it's active, even without a rate-limit {} control block?

The other day, I got reports that some service is getting intermittent lookup
failures for our ldap server.

Why these appliances have to query DNS servers many times per second to get
the address of a record with a TTL of 1 day....

In looking at the logs, I saw messages about rate-limit of various subnets
(but only for the busiest 2 of 8 caching servers), starting when I first
updated to 9.9.4-P1, though both had said they had stopped limiting responses
by the time I looked.

Just in case, I threw in a

rate-limit {
    exempt-clients { k-state; };
};

where "k-state" is the same acl used with allow-query {} and allow-recursion {}.


-- 
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally

