Maintained by: NLnet Labs

ratelimit: exactly what is counted before limit applies?

Nick Urbanik
Thu Jul 6 08:08:56 CEST 2017

Dear Folks,

I'm trying to understand the exact meaning of this part of the
description of ratelimit in unbound.conf(5):

"The zone of the query is determined by examining the nameservers for
it, the zone name is used to keep track of the rate."

So if we have a ratelimit of 1000, does that mean that limit applies
to,, and everything under  How does unbound determine the zone that the name is

Are you aware of any suggestions on ways to determine suitable values
for ratelimit to match the scale of queries received?  And for
Nick Urbanik 808-71011 nick.urbanik at
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24  ID: BB9D2C24
I disclaim, therefore I am.