[Ext] RRL settings that work for you

Jim Glassford jmglass at iup.edu
Wed May 27 11:50:02 UTC 2015


Hi Mike,

In production since July 2013 without complaints and believe it has 
helped here.
         rate-limit { responses-per-second 10; window 5; };

best!
jim

On 5/26/2015 5:00 PM, Mike Hoskins (michoski) wrote:
> Hi folks,
>
> I've read about RRL with interest since its inception, but just now
> getting around to rolling it out.  That is partially because we run a very
> small authoritative infrastructure serving mostly as Akamai EDNS origins.
> However, since it is exposed externally, used by a few tenants and RRL has
> been running in the wild for a while now...we decided to finally hop on the
> bandwagon as part of our latest round of DNS infrastructure upgrades.
>
> We are experimenting in log-only mode, and wanted to get feedback on
> settings which work well for others in production.  So far we have the
> following which appears to work well (not limiting typical clients during
> normal operation):
>
> rate-limit {
> 	log-only yes;
> 	ipv4-prefix-length 32;
> 	window 10;
> 	responses-per-second 20;
> 	nxdomains-per-second 10;
> 	exempt-clients {
> 		[...]
> 	};
> };
>
>
> However, as we've mostly just been turning knobs in an attempt to minimize
> log entries...  insight from operators is appreciated.
>
> Thanks!
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
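
Added example, not from either poster or from BIND's code: a simplified Python model of the per-account credit scheme the BIND ARM describes for RRL, run with the two `responses-per-second`/`window` pairs posted above against a constructed load. It assumes one account (one client block receiving one identical response) and ignores `slip`, prefix aggregation, `nxdomains-per-second` and `exempt-clients`; the function names are hypothetical.

```python
# Simplified RRL credit model (an assumption-laden sketch, not BIND source):
#   - the account earns `rate` credits per second, capped at +rate
#   - each response debits 1 credit
#   - the balance never drops below -(window * rate)
#   - a response is limited (or only logged, with log-only yes) while
#     the balance is negative

def simulate(rate, window, load):
    """load[i] = identical responses wanted by one client block in second i.
    Returns how many of them would be limited in each second."""
    balance = rate
    floor = -window * rate
    limited = []
    for wanted in load:
        balance = min(rate, balance + rate)      # credits earned this second
        hit = 0
        for _ in range(wanted):
            balance = max(floor, balance - 1)    # debit, bounded by the window
            if balance < 0:
                hit += 1
        limited.append(hit)
    return limited

def seconds_limited_after(limited, burst_end):
    """Seconds after the burst in which at least one response was limited."""
    return sum(1 for n in limited[burst_end:] if n > 0)

# Constructed load: 3 s of normal traffic (5/s), a 5 s burst of 200/s,
# then 15 s of normal traffic again for the same account.
LOAD = [5] * 3 + [200] * 5 + [5] * 15
BURST_END = 8

SETTINGS = {
    "responses-per-second 10; window 5": (10, 5),
    "responses-per-second 20; window 10": (20, 10),
}

if __name__ == "__main__":
    for label, (rate, window) in SETTINGS.items():
        result = simulate(rate, window, LOAD)
        print(label)
        print("  limited per second:", result)
        print("  seconds still limited after burst:",
              seconds_limited_after(result, BURST_END))
```

In this model the larger `window` lets the account go further into debt, so the same account stays limited longer once the burst stops, even though its per-second allowance is higher.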


