Query on the Overload control mechanism for DNS Server

Philippe.Simonet at swisscom.com
Mon May 1 05:48:29 UTC 2017


You should take a look at http://dnsdist.org/,
which can easily run as a DNS proxy on the same machine as named.


-----Original Message-----
From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of ramkishore.b at gmail.com
Sent: Sunday, 30 April 2017 15:05
To: comp-protocols-dns-bind at isc.org
Subject: Query on the Overload control mechanism for DNS Server

To protect the DNS server from overload, is there any feature that is already part of the BIND software (or that can be achieved with configuration changes) which can be enabled/disabled?
I came across the documentation for a relevant feature called response rate limiting (RRL), and it looks like it is mostly useful for taking the decision at the time of response transmission, after the handling of the incoming request.
Correct me if I am wrong here.

But what I am looking for is a feature which calculates the incoming rate and rejects the messages above a certain limit at the initial stage itself, before handling them, and drops them, so that no resources are wasted on processing.
This type of mechanism would be very useful in defining the benchmark limit for any particular server based on its CPU and resource utilization.

The BIND version we currently use is BIND 9.11.

Any expert input is very much appreciated. Thanks.

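The kind of ingress check the question asks for, as an added example that is not part of the thread and is neither BIND nor dnsdist code: a token-bucket limiter that decides from source address and arrival time alone, before any DNS parsing. The class names, limits, prefix widths and sample events are assumptions constructed for illustration.

```python
import ipaddress

class TokenBucket:
    """Permits `rate` events per second, with bursts of up to `burst`."""
    def __init__(self, rate, burst, now):
        self.rate, self.burst = float(rate), float(burst)
        self.tokens, self.stamp = float(burst), now

    def refill(self, now):
        elapsed = max(0.0, now - self.stamp)
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.stamp = now

class IngressLimiter:
    """Admission decision from (source address, arrival time) only, taken
    before the DNS payload is parsed or handed to the name server."""
    def __init__(self, server_qps, client_qps, now=0.0):
        self.server = TokenBucket(server_qps, server_qps, now)
        self.client_qps = client_qps
        self.clients = {}  # grows per source prefix; bound or expire it in real use

    @staticmethod
    def client_key(src):
        ip = ipaddress.ip_address(src)
        prefix = 32 if ip.version == 4 else 64  # assumed aggregation widths
        return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

    def admit(self, src, now):
        key = self.client_key(src)
        if key not in self.clients:
            self.clients[key] = TokenBucket(self.client_qps, self.client_qps, now)
        client = self.clients[key]
        client.refill(now)
        self.server.refill(now)
        if client.tokens < 1.0:  # checked first so a flood cannot drain the server budget
            return "drop-client"
        if self.server.tokens < 1.0:
            return "drop-server"
        client.tokens -= 1.0
        self.server.tokens -= 1.0
        return "accept"

def replay(events, server_qps, client_qps):
    """Run (time, source) pairs through a fresh limiter; return the verdicts."""
    limiter = IngressLimiter(server_qps, client_qps, now=events[0][0])
    return [limiter.admit(src, t) for t, src in events]

# Constructed sample traffic (documentation address ranges), not captured data.
SAMPLE = [(0.0, "192.0.2.10"), (0.1, "192.0.2.10"), (0.2, "192.0.2.10"),
          (0.3, "2001:db8::1"), (0.3, "2001:db8::2"), (0.3, "2001:db8::3")]
```

The server-wide bucket corresponds to the per-machine benchmark limit mentioned in the question, and the per-prefix bucket keeps a single source from using all of it.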