Maintained by: NLnet Labs

ratelimit: exactly what is counted before limit applies?

Nick Urbanik
Thu Jul 6 08:08:56 CEST 2017


Dear Folks,

I'm trying to understand the exact meaning of this part of the
description of ratelimit in unbound.conf(5):

"The zone of the query is determined by examining the nameservers for
it, the zone name is used to keep track of the rate."

So if we have a ratelimit of 1000, does that mean that limit applies
to a.tiles.mapbox.com., tiles.mapbox.com., and everything under
mapbox.com.?  How does unbound determine the zone that the name is
under?

Are you aware of any suggestions on ways to determine suitable values
for ratelimit to match the scale of queries received?  And for
ip-ratelimit?
-- 
Nick Urbanik http://nicku.org 808-71011 nick.urbanik at optusnet.com.au
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24  ID: BB9D2C24
I disclaim, therefore I am.