[Unbound-users] unbound rate limiting

Tony Finch dot at dotat.at
Fri Mar 29 22:36:28 UTC 2013


On 29 Mar 2013, at 21:26, Rok Potočnik <r at rula.net> wrote:

> Can we expect unbound query rate limiting (http://www.redbarn.org/dns/ratelimits) per client/source in future releases?

Response rate limiting is designed for authoritative name servers. It does not work well for recursive servers, because most recursive clients are cacheless, so it is normal for them to repeat queries in a way that would be unreasonable for caching iterative clients. Response rate limiting is not just a per-client query limit.

The way to secure a recursive server is to answer queries only from your network's IP addresses.

Tony.
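
The restriction recommended in the message above, written as an unbound.conf fragment. This is an added example and not part of the original message; the allowed netblocks are placeholder documentation prefixes (192.0.2.0/24 and 2001:db8::/32) that stand in for your own network's ranges, and the listening interfaces are an assumption.

```conf
# Added example, not from the original post.
# Netblocks below are placeholders; substitute your own network's ranges.

# Open resolver (the setting to avoid): any source address may recurse.
# server:
#     interface: 0.0.0.0
#     interface: ::0
#     access-control: 0.0.0.0/0 allow
#     access-control: ::/0 allow

# Restricted resolver: answer only your own network's addresses.
server:
    interface: 0.0.0.0
    interface: ::0

    # Default for every source: reply with rcode REFUSED.
    access-control: 0.0.0.0/0 refuse
    access-control: ::/0 refuse

    # Loopback, for the host's own stub resolver.
    access-control: 127.0.0.0/8 allow
    access-control: ::1 allow

    # Your own client networks (placeholder prefixes).
    # Unbound applies the most specific matching netblock,
    # so these entries override the refuse defaults above.
    access-control: 192.0.2.0/24 allow
    access-control: 2001:db8::/32 allow
```

Run `unbound-checkconf` on the file before reloading, then query the server from an address outside the allowed ranges and confirm the reply is REFUSED.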


