BIND DNS rate-limit: qps-scale understanding

Wed Jan 9 17:17:17 UTC 2019

Hey bind-users,

I have a few questions concerning qps-scale.

Referencing: http://www.zytrax.com/books/dns/ch7/hkpng.html#rate-limit
<https://owa-fb-cafrfd1msg.it.att.com/owa/redir.aspx?C=sSqMGF1uxBG_j8W0xquXski4L4SoQskiWWmybazKp7lMkYbtVXbWCA..&URL=https%3a%2f%2furldefense.proofpoint.com%2fv2%2furl%3fu%3dhttp-3A__www.zytrax.com_books_dns_ch7_hkpng.html-23rate-2Dlimit%26d%3dDwMFAw%26c%3dLFYZ-o9_HUMeMTSQicvjIg%26r%3dZJSnpAJR1u4VhPcjyvD0AA%26m%3dP2MSVkggLXM0ET_O0pOqhmjna546AOxekpqML0mUinA%26s%3ddMYw3YORsrcfXyB1nj1B2ZkwF7OsULwy11uwS8N31y4%26e%3d>
and
https://ftp.isc.org/isc/bind9/9.10.8-P1/doc/arm/Bv9ARM.pdf
<https://owa-fb-cafrfd1msg.it.att.com/owa/redir.aspx?C=H_KumoXkqxMJqV_AGREj5-rYPsMhQ-aD2rD3X4pZ8vtMkYbtVXbWCA..&URL=https%3a%2f%2furldefense.proofpoint.com%2fv2%2furl%3fu%3dhttps-3A__ftp.isc.org_isc_bind9_9.10.8-2DP1_doc_arm_Bv9ARM.pdf%26d%3dDwMFAw%26c%3dLFYZ-o9_HUMeMTSQicvjIg%26r%3dZJSnpAJR1u4VhPcjyvD0AA%26m%3dP2MSVkggLXM0ET_O0pOqhmjna546AOxekpqML0mUinA%26s%3d6spMSKoM_6XBqle0aw8wgetJH2j56gc_8rZRRaCWURM%26e%3d>
Page 119

Definition:
Range allowed is 1 to very big number (actually 32 bit unsigned value,
which is still a very big number). Default is not to apply qps-scaling. The
rate limiting function calculates the approximate query per second load on
the DNS from all sources (including TCP queries). The *qps-scale*, if
defined, is then applied which may result in a reduction of the user
supplied limits, such as *responses-per-second* during high-load
situations. Thus, assume the user defined *responses-per-second 10;*
and a *qps-scale
200;* then if the DNS server is receiving queries (from all sources,
including TCP) at a rate of 500 per second the following algorithm is
applied (qps-scale/DNS query arrival rate) * responses-per-second =
effective rate-limit, substituting actual values gives (200/500) * 10 = 4,
meaning that in the defined load conditions the 5th and subsequent
identical response in any 1 second to any specific client will be dropped
(or trigger any defined slip
<https://owa-fb-cafrfd1msg.it.att.com/owa/redir.aspx?C=d-0CB5Uei3m4HURi5fkwNHGwKVbOxcxTDoCD7AH_7fVMkYbtVXbWCA..&URL=https%3a%2f%2furldefense.proofpoint.com%2fv2%2furl%3fu%3dhttp-3A__www.zytrax.com_books_dns_ch7_hkpng.html-23slip%26d%3dDwMFAw%26c%3dLFYZ-o9_HUMeMTSQicvjIg%26r%3dZJSnpAJR1u4VhPcjyvD0AA%26m%3dP2MSVkggLXM0ET_O0pOqhmjna546AOxekpqML0mUinA%26s%3daZbaZPsBlPP26rWZluczEsYfVy7P8rI9riO6jfbLoc4%26e%3d>
parameter action). The *qps-scale* value, if used, should thus be set to
the maximum desired DNS transaction (query response) rate for the server.
http://www.zytrax.com/books/dns/ch7/hkpng.html#rate-limit
<https://owa-fb-cafrfd1msg.it.att.com/owa/redir.aspx?C=sSqMGF1uxBG_j8W0xquXski4L4SoQskiWWmybazKp7lMkYbtVXbWCA..&URL=https%3a%2f%2furldefense.proofpoint.com%2fv2%2furl%3fu%3dhttp-3A__www.zytrax.com_books_dns_ch7_hkpng.html-23rate-2Dlimit%26d%3dDwMFAw%26c%3dLFYZ-o9_HUMeMTSQicvjIg%26r%3dZJSnpAJR1u4VhPcjyvD0AA%26m%3dP2MSVkggLXM0ET_O0pOqhmjna546AOxekpqML0mUinA%26s%3ddMYw3YORsrcfXyB1nj1B2ZkwF7OsULwy11uwS8N31y4%26e%3d>

My questions:
With my understanding reading the definition above, the "DNS query arrival
rate" is the current number of queries per second being sent to the DNS
server which changes dynamically *NOT* the capacity of queries per second
the DNS server is able to handle.
Is my understanding true?

How is the "DNS query arrival rate" calculated by the DNS server? How often
is the "DNS query arrival rate" calculated? My thinking is every second.

If the qps-scale is defined, not 0, will the qps-scale formula *always * be
used?
For example: qps-scale 500; responses-per-second 50; "DNS query arrival
rate" 200
(500 / 200) * 50 = 125 effective responses-per-second
or
is the qps-scale formula only used when the "DNS query arrival rate" is
approximate or exceeds the qps-scale value?

Thanks
Brent D
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20190109/1cc4c93c/attachment.html>