query dropping vs. returning nxdomain

Michael Richardson mcr at sandelman.ottawa.on.ca
Tue Mar 7 20:37:40 UTC 2006



>>>>> "Paul" == Paul Vixie <paul at vix.com> writes:
    Paul> on the other hand, statistical non-flow-based rate limiting is
    Paul> a reasonable way forward.  what if there was only a ((random()
    Paul> % 8) == 1) chance that a given ACL-denied query would be told

  That's fine, or a straight token-bucket algorithm.
  Probably make it tunable on a per-ACL basis.

-- 
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
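
The two policies from this exchange side by side, as an added example that is not part of the original message or of BIND's code: the stateless 1-in-N check from the quoted line and a token bucket, both held in a per-ACL structure so each ACL can be tuned separately. The struct, the function names and the rate and burst figures are assumptions made for illustration, and the load is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-ACL limiter settings and state (not BIND's own structures). */
struct acl_limit {
    unsigned one_in;      /* statistical: answer 1 in N; 0 = always drop, 1 = always answer */
    uint64_t rate;        /* token bucket: answers refilled per second */
    uint64_t burst;       /* token bucket: most answers allowed back to back */
    uint64_t millitokens; /* current fill, in 1/1000 of an answer */
    uint64_t last_ms;     /* time of the last refill */
};

/* Stateless statistical limiting: the ((random() % 8) == 1) idea with N tunable. */
static int answer_statistical(const struct acl_limit *a, unsigned long rnd) {
    if (a->one_in <= 1)
        return a->one_in == 1;
    return (rnd % a->one_in) == 1;
}

/* Token bucket: refill by elapsed time, cap at burst, spend one token per answer. */
static int answer_token_bucket(struct acl_limit *a, uint64_t now_ms) {
    if (now_ms > a->last_ms) {      /* a clock that steps backwards earns no refill */
        a->millitokens += (now_ms - a->last_ms) * a->rate; /* 1 ms at rate/s = rate millitokens */
        a->last_ms = now_ms;
    }
    if (a->millitokens > a->burst * 1000)
        a->millitokens = a->burst * 1000;
    if (a->millitokens < 1000)
        return 0;                   /* bucket empty: drop the query silently */
    a->millitokens -= 1000;
    return 1;
}

/* Constructed load: n ACL-denied queries, one per millisecond from t = 0.
 * The loop index stands in for random() so the run is repeatable. */
static unsigned flood(struct acl_limit *a, int use_bucket, unsigned n) {
    unsigned answered = 0;
    for (unsigned i = 0; i < n; i++)
        answered += use_bucket ? answer_token_bucket(a, i) : answer_statistical(a, i);
    return answered;
}

int main(void) {
    struct acl_limit acl = { .one_in = 8, .rate = 5, .burst = 10, .millitokens = 10 * 1000 };
    printf("statistical (1 in 8): %u of 10000 answered\n", flood(&acl, 0, 10000));
    printf("token bucket (5/s, burst 10): %u of 10000 answered\n", flood(&acl, 1, 10000));
    return 0;
}
```

Under the same 1000 queries-per-second load the statistical check still answers in proportion to what arrives, while the token bucket holds answers to a fixed ceiling regardless of input rate.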


More information about the bind-workers mailing list