Maintained by: NLnet Labs

[Unbound-users] unbound rate limiting

Tony Finch
Fri Mar 29 23:36:28 CET 2013


On 29 Mar 2013, at 21:26, Rok Potočnik <r at rula.net> wrote:

> Can we expect unbound query rate limiting (http://www.redbarn.org/dns/ratelimits) per client/source in future releases?

Response rate limiting is designed for authoritative name servers. It does not work well for recursive servers, because most recursive clients are cacheless, so it is normal for them to repeat queries in a way that would be unreasonable for caching iterative clients. Response rate limiting is not just a per-client query limit.

The way to secure a recursive server is to answer queries only from your network's IP addresses.

Tony.
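
Added example, not part of the original message or of NLnet Labs' documentation: an `unbound.conf` fragment that restricts recursion to your own networks using Unbound's `access-control` option, with the open-resolver setting shown commented out for contrast. The netblocks 192.0.2.0/24 and 2001:db8::/32 are documentation placeholders standing in for your real client ranges.

```conf
# unbound.conf (added example; client netblocks below are placeholders)
server:
    # Listen on all addresses; access-control decides who gets answers.
    interface: 0.0.0.0
    interface: ::0

    # Weak: recursion for any source address (an open resolver).
    # access-control: 0.0.0.0/0 allow
    # access-control: ::0/0 allow

    # Corrected: refuse everyone by default ...
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse

    # ... then allow localhost and your own networks only.
    # Unbound applies the most specific matching netblock,
    # so these entries override the catch-all refusals above.
    access-control: 127.0.0.0/8 allow
    access-control: ::1 allow
    access-control: 192.0.2.0/24 allow      # placeholder: internal IPv4 range
    access-control: 2001:db8::/32 allow     # placeholder: internal IPv6 range
```

`refuse` answers with a REFUSED rcode, while `deny` drops the query silently; run `unbound-checkconf` on the file before reloading.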