response-rate-limiting - "window" explained?
tomtux007 at gmail.com
Tue Jan 9 15:08:01 UTC 2018
On 01/09/2018 02:49 PM, Tony Finch wrote:
> Tom <tomtux007 at gmail.com> wrote:
>> If I set the "responses-per-second 5;" and the "window 30;", then begin
>> flooding (the responses are correctly dropped), then stop flooding, then
>> querying the nameserver from the same source for the same RR, I'll get
>> immediately the right answer.
>> Any explanations for this behavior?
> Try more than once - you are probably seeing the effect of the "slip"
> setting, which is supposed to allow legitimate clients to get answers even
> when they are being spoofed by a DDoS attack.
I tried many times with different values for "window" (window 5;, window
30;, window 3600;). Always the same effect with the following command:
while true; do echo -n "$(date) "; dig +short +ignore +tries=1 @x.x.x.x www.example.com; sleep .01; done
Slip is set to "0" (always drop). After stopping the flood, I'm
immediately able to query the same record (www.example.com) with a
positive answer. Does the "window 5;" or "window 30;" or "window 3600;"
possibly have no effect?
> Also, if you are using DiG then to see the proper effect you'll want to
> set the +ignore +tries=1 options (and maybe +timeout=1).
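The following is an added illustration, not code from the thread or from BIND: a simplified model of RRL credit accounting as the BIND ARM describes it (each account is charged one credit per response, refilled at responses-per-second, "window" caps how far into debt it can go, and "slip" turns every n-th drop into a truncated reply). The flood rate of 100 queries/second matches the sleep .01 loop above; all other timings are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class RrlAccount:
    """One RRL account (client prefix + response kind), simplified model.

    balance starts at rps, refills at rps per second (never above rps) and
    is charged one credit per response.  While negative the response is
    dropped, the debt is capped at window*rps, and every slip-th drop is
    sent as a truncated reply instead (slip 0 = always drop).
    """
    rps: int
    window: int
    slip: int = 0
    balance: float = field(init=False)
    last: float = 0.0
    dropped: int = 0

    def __post_init__(self) -> None:
        self.balance = float(self.rps)

    def respond(self, now: float) -> str:
        """Charge one response at time `now`; return 'answer', 'drop' or 'slip'."""
        self.balance = min(self.rps, self.balance + (now - self.last) * self.rps)
        self.last = now
        self.balance -= 1
        if self.balance >= 0:
            return "answer"
        self.balance = max(self.balance, -self.window * self.rps)  # window caps the debt
        self.dropped += 1
        return "slip" if self.slip and self.dropped % self.slip == 0 else "drop"


def flood_then_probe(rps, window, slip, flood_qps, flood_seconds, max_wait=3600):
    """Flood one account from t=0, then probe once per second after it stops.
    Returns (outcome counts during the flood, seconds until the first full
    answer after the flood stops, or None if never within max_wait)."""
    acct = RrlAccount(rps, window, slip)
    counts = {"answer": 0, "drop": 0, "slip": 0}
    for i in range(flood_qps * flood_seconds):  # constructed flood timestamps
        counts[acct.respond(i / flood_qps)] += 1
    for t in range(1, max_wait + 1):
        if acct.respond(flood_seconds + t) == "answer":
            return counts, t
    return counts, None


if __name__ == "__main__":
    for window in (5, 30, 3600):  # the three window values tried in the thread
        counts, wait = flood_then_probe(5, window, 0, 100, 5)
        print(f"window {window}: flood {counts}, first answer {wait}s after the flood")
```

Under this model the recovery time after a flood grows with "window", which is the quantity to compare against the timestamps the loop prints; the same model with slip set to 2 shows the truncated replies Tony refers to.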