response-rate-limiting - "window" explained?
dot at dotat.at
Tue Jan 9 13:49:20 UTC 2018
Tom <tomtux007 at gmail.com> wrote:
> If I set the "responses-per-second 5;" and the "window 30;", then begin
> flooding (the responses are correctly dropped), then stop flooding, then
> querying the nameserver from the same source for the same RR, I'll get
> immediately the right answer.
> Any explanations for this behavior?
Try more than once - you are probably seeing the effect of the "slip"
setting, which is supposed to allow legitimate clients to get answers even
when they are being spoofed by a DDoS attack.
Also, if you are using DiG then to see the proper effect you'll want to
set the +ignore +tries=1 options (and maybe +timeout=1).
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
Fair Isle, Faeroes, Southeast Iceland: Southeasterly 6 to gale 8, occasionally
severe gale 9, except in Faeroes. Rough or very rough, occasionally high in
Faeroes and Southeast Iceland. Occasional rain. Good, occasionally poor.
More information about the bind-users