discuss AT lists.opennicproject.org
Subject: Discuss mailing list
List archive
- From: Jeff Taylor <shdwdrgn AT sourpuss.net>
- To: discuss AT lists.opennicproject.org
- Subject: Re: [opennic-discuss] CZ server up again
- Date: Tue, 09 Jul 2013 17:36:39 -0600
I actually go higher than that... I'm currently running 20/min with 30
burst. The thing you have to look at is what 'normal' traffic looks
like. What happens when you hit a popular website with a ton of
embedded banner ads, traffic monitoring, etc? Every one of those items
has to perform a lookup, so it might not be unusual for a regular user
to perform 20-30 lookups on a single web page, especially if their
system does not locally cache DNS data.

On the other hand, typical service attacks may see hundreds of queries
*per second* and that's the kind of thing you want to stop dead.

Please also see http://wiki.opennicproject.org/Tier2Security for
iptables rules that will refuse to answer certain types of queries known
to be part of attacks. These will stop the attacks dead, not even
allowing a short burst of answers to get through.

On 07/08/2013 11:51 PM, Paladin wrote:
> Hi guys,
> I experienced a problem updating the system, resulting in a kinda
> long outage. The server is up and running again.
>
> I'm sorry for any problems.
>
> OT: how big limits do you think are reasonable? I have bind9 with
>
> rate-limit {
>     responses-per-second 15;
>     window 5;
> };
>
> Do you think this is high enough? Or should I go even lower?
>
> Thanks
>
> P.
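
The reasoning in the reply above (a burst allowance sized for one page load, a sustained rate far below flood rates) modeled as a generic token bucket. This is an added example, not code from the thread, iptables or BIND; the 20/min and burst 30 figures are from the message, while the function names and traffic profiles are constructed for illustration.

```python
# Added illustration: token-bucket model of a per-client DNS query limit.
# Assumption: a plain token bucket; real limiters (iptables, BIND RRL)
# differ in detail. All traffic profiles below are constructed sample data.

def simulate(arrivals, rate_per_min=20.0, burst=30.0):
    """Return (answered, dropped) for a sorted list of query times in seconds."""
    tokens = burst                      # bucket starts full
    last = arrivals[0] if arrivals else 0.0
    answered = dropped = 0
    for t in arrivals:
        # Refill for the time elapsed since the previous query, capped at burst.
        tokens = min(burst, tokens + (t - last) * rate_per_min / 60.0)
        last = t
        if tokens >= 1.0:
            tokens -= 1.0
            answered += 1
        else:
            dropped += 1
    return answered, dropped


def page_load(start, lookups=25, spread=2.0):
    """Constructed profile: one ad-heavy page doing `lookups` queries in `spread` s."""
    return [start + i * spread / lookups for i in range(lookups)]


def flood(start, qps=300, seconds=10):
    """Constructed profile: a single source sending `qps` queries per second."""
    return [start + i / qps for i in range(qps * seconds)]


def browsing_session(pages=3, gap=90.0):
    """Constructed profile: several page loads separated by `gap` seconds."""
    times = []
    for p in range(pages):
        times.extend(page_load(p * gap))
    return times


if __name__ == "__main__":
    for name, traffic in [("single page", page_load(0.0)),
                          ("3-page session", browsing_session()),
                          ("300 qps flood, 10 s", flood(0.0))]:
        ok, drop = simulate(traffic)
        print(f"{name:22s} answered={ok:5d} dropped={drop:5d}")
```

Lowering `burst` below the per-page lookup count in this model starts dropping queries from the single page load, which is the trade-off the reply describes.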