Disabling rate-limit?

blrmaani blrmaani at gmail.com
Tue Aug 16 01:22:31 UTC 2016

I inherited a DNS server which is running BIND 9.8.x. There was a DNS incident where our customers complained that they saw query timeouts intermittently (Our customers run cassandra/hadoop applications and send same queries repeatedly). They also run nscd on their hosts but I was told all have same TTL value of 3600 indicating all names expire at the same time on thousands of client hosts).

 I tried to reproduce the issue by sending hostname.bind queries and I see logs similar to the one below:

<time> <client-hostname> named[<pid>]: limit responses to <subnet> for hostname.bind CH TXT <hex-number>
<time> <client-hostname> named[<pid>]: *stop limiting responses to <subnet> for hostname.bind CH TXT <hex-number>

I reviewed /etc/named.conf and do not see 'rate-limit' configuration. I am confused because BIND ARM says rate-limit is disabled by default. But logs indicate otherwise.

( I did "grep rate /etc/*" and didn't see anything. There are no includes in named.conf)

Please advice on how I can disable rate-limit on my DNS server.

I did a strings on 'named' binary and see this:

strings /usr/sbin/named | egrep -i rrl

What else do I need to check to identify if RRL is enabled? 


More information about the bind-users mailing list