response-rate-limiting - "window" explained?
Tom
tomtux007 at gmail.com
Fri Jan 5 16:21:57 UTC 2018
I've tested several "window"-values (5-3600) with fast-querying the
nameserver from one single client with always the same query. As
explained by Tony the "window" means the time, which the client must
wait, after he stops fast-querying the nameserver while he was
successfully dropped.
In my tests, I never had to wait for about more than about 5s.
I've configured rate-limits like this:
rate-limit {
responses-per-second 5;
slip 0;
window 5;
log-only no; };
Could someone explain the problem here? Why do I never have to wait
longer than about 5s until I'm able to query the nameserver from the
unique client with the same query again?
Many thanks.
Kind regards,
Tom
On 03/27/2017 11:33 AM, Tony Finch wrote:
> Tom <tomtux007 at gmail.com> wrote:
>
>> Can someone explain the behaviour of "window" in the rate-limit-context?
>
> It basically determines the time after a client that was querying very
> fast but then stopped is allowed to receive responses again.
>
> When a client repeats a query, its counter is decremented until it reaches
> the minimum `-1 * window * responses-per-second`. Its counter is
> incremented by `responses-per-second` each second, so after the client
> stops querying it will be `window` seconds before the counter becomes
> positive which means the client is allowed to receive responses again.
>
> Tony.
>
More information about the bind-users
mailing list