response-rate-limiting - "window" explained?

Tom tomtux007 at gmail.com
Tue Jan 9 15:08:01 UTC 2018



On 01/09/2018 02:49 PM, Tony Finch wrote:
> Tom <tomtux007 at gmail.com> wrote:
>>
>> If I set the "responses-per-second 5;" and the "window 30;", then begin
>> flooding (the responses are correctly dropped), then stop flooding, then
>> querying the nameserver from the same source for the same RR, I'll get
>> immediately the right answer.
>>
>> Any explanations for this behavior?
> 
> Try more than once - you are probably seeing the effect of the "slip"
> setting, which is supposed to allow legitimate clients to get answers even
> when they are being spoofed by a DDoS attack.

I tried many times with different values for "window" (window 5;, window 30;, window 3600;). Always the same effect with the following command:
while true; do echo -n "$(date)       "; dig +short +ignore +tries=1 @x.x.x.x www.example.com; sleep .01; done

Slip is set to "0" (always drop). After stopping the flood, I'm immediately able to query the same record (www.example.com) with a positive answer. Does the "window 5;" or "window 30;" or "window 3600;" possibly have no effect?

Thank you.
Kind regards,
Tom

> 
> Also, if you are using DiG then to see the proper effect you'll want to
> set the +ignore +tries=1 options (and maybe +timeout=1).
> 
> Tony.
> 
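As an added example (a model written for this page, not BIND's own code and not part of the thread), the following Python simulates a token-bucket reading of responses-per-second, window and slip 0, and reports how long after a flood from one source stops a single fresh query from that source would first be answered. The rate (5), the 100 qps flood and the window values 5, 30 and 3600 are taken from the thread; the bucket rules themselves (credit capped at +rate, debt floored at -rate * window, one whole credit needed per answer, dropped responses still costing a credit) are assumptions of this model, not a statement of what BIND does. Under that reading, the first answer after the flood arrives only about `window` seconds later, which is the delay the poster expected and did not observe.

```python
"""Token-bucket model of BIND response-rate-limiting (RRL) credits.

Added example, not BIND's own code. It assumes a simplified model of one
rate-limit account (one client block and one name/type): the account gains
`rate` credits per second, is capped at +rate, every candidate response
costs one credit whether or not it is sent, the resulting debt is floored
at -rate * window, and a response is sent only when at least one whole
credit is available. slip is taken as 0, so nothing slips through.
"""
import copy
from dataclasses import dataclass, field


@dataclass
class RrlAccount:
    rate: int                 # responses-per-second
    window: int               # window, in seconds
    balance: float = field(init=False)
    last: float = field(init=False, default=0.0)  # time of previous request

    def __post_init__(self) -> None:
        self.balance = float(self.rate)   # a fresh account starts full

    def request(self, now: float) -> bool:
        """Account for one candidate response at time `now`; True if it is sent."""
        self.balance = min(float(self.rate),
                           self.balance + self.rate * (now - self.last))
        self.last = now
        sent = self.balance >= 1.0
        # Dropped responses still cost a credit; the debt is bounded by the window.
        self.balance = max(self.balance - 1.0, -float(self.rate * self.window))
        return sent


def flood(acct: RrlAccount, start: float, seconds: int, qps: int) -> int:
    """Send `seconds` worth of queries at `qps`; return how many were answered."""
    answered = 0
    for i in range(seconds * qps):
        if acct.request(start + i / qps):
            answered += 1
    return answered


def seconds_until_answered(acct: RrlAccount, step: float = 0.25,
                           max_wait: float = 4000.0):
    """Delay after the last request before a single fresh query is answered.

    Each probe runs on a copy so that probing does not itself spend credit.
    Returns None if nothing is answered within max_wait seconds.
    """
    k = 0
    while k * step <= max_wait:
        delay = k * step
        if copy.copy(acct).request(acct.last + delay):
            return delay
        k += 1
    return None


def recovery_delay(rate: int, window: int,
                   flood_seconds: int = 10, qps: int = 100) -> float:
    """Flood one account, stop, and report how long until a query is answered."""
    acct = RrlAccount(rate=rate, window=window)
    flood(acct, 0.0, flood_seconds, qps)
    return seconds_until_answered(acct)


if __name__ == "__main__":
    # Constructed scenario mirroring the thread: responses-per-second 5,
    # slip 0, a 100 qps flood from one source, then a single query.
    for w in (5, 30):
        print(f"window {w}: first answer {recovery_delay(5, w)} s after the flood stops")
    # A 10 s flood does not reach the floor for window 3600, so flood longer.
    print(f"window 3600: first answer {recovery_delay(5, 3600, flood_seconds=200)} "
          "s after the flood stops")
```

In this model a 10 second flood at 100 qps gets exactly five answers (the first second's credit) and then drives the account to its floor of -rate * window, so the recovery time grows with the window; an immediate answer after the flood, as reported above with slip 0, is not what the bucket rules alone predict.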