RRL active by default?
Lawrence K. Chen, P.Eng.
lkchen at ksu.edu
Thu May 1 22:10:50 UTC 2014
Does compiling in RRL mean its active, even without a rate-limit {} control block?
The other day, I got reports some service is getting intermittent lookup
failures for our ldap server.
Why these appliances have to query DNS servers many times per second to get
the address of a record with a TTL of 1 day....
In looking at the logs, I saw messages about rate-limit of various subnets.
(but, only for the busiest 2 of 8 caching servers) Starting when I first
updated to 9.9.4-P1. Though both had said they had stopped limiting responses
by the time I looked.
Just in case, I threw in a
rate-limit {
exempt-clients { k-state; };
};
where "k-state" is the same acl used with allow-query {} and allow-recursion {}.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
More information about the bind-users
mailing list