DNS_RRL_MAX_RATE defines 1000

程智勇 chengzhycn at gmail.com
Wed Jul 8 06:47:36 UTC 2020

Hi, all

I deployed a cluster of DNS which combined with a master and two slaves recently. I opened the response rate limiting function in slaves, which parameters like below:

rate-limit {
    ipv4-prefix-length 32;
    responses-per-second 250;
    all-per-second 1000;
    min-table-size 1000000;
    max-table-size 5000000;
    log-only no;

But even with this configuration, there were still some dns queries dropped cause the RRL. I viewed the rrl.h and noticed the max rrl rate are defined like this:

#define DNS_RRL_MAX_RATE 1000

And "all-rer-second” shouldn’t larger than DNS_RRL_MAX_RATE.

So could anybody tell me why DNS_RRL_MAX_RATE defined 1000? And is there any other methods to bypass this limits?

Thanks and Regards, Zhiyong Cheng
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200708/c3040f63/attachment.htm>

More information about the bind-users mailing list