response-rate-limiting - "window" explained?

Tony Finch dot at
Tue Jan 9 13:49:20 UTC 2018

Tom <tomtux007 at> wrote:
> If I set the "responses-per-second 5;" and the "window 30;", then begin
> flooding (the responses are correctly dropped), then stop flooding, then
> querying the nameserver from the same source for the same RR, I'll get
> immediately the right answer.
> Any explanations for this behavior?

Try more than once - you are probably seeing the effect of the "slip"
setting, which is supposed to allow legitimate clients to get answers even
when they are being spoofed by a DDoS attack.

Also, if you are using DiG then to see the proper effect you'll want to
set the +ignore +tries=1 options (and maybe +timeout=1).

f.anthony.n.finch  <dot at>  -  I xn--zr8h punycode
Fair Isle, Faeroes, Southeast Iceland: Southeasterly 6 to gale 8, occasionally
severe gale 9, except in Faeroes. Rough or very rough, occasionally high in
Faeroes and Southeast Iceland. Occasional rain. Good, occasionally poor.

More information about the bind-users mailing list