Bind DNS Rate-Limit – Setting Responses-Per-Second and Window Values

Tags: bind, domain-name-system, named-conf

In my DNS server's named.conf I see

    rate-limit {
            responses-per-second 5;
            window 5;
    };

What does this actually mean? And can it cause DNS clients problems?
Is this too tight a configuration?

Best Answer

It limits the number of identical responses a single DNS client can get in a second. The window 5 option allows a burst of 5*5 responses.

"Identical responses" and "single DNS client" are a bit non-obvious terms here, read this for more info: http://web.archive.org/web/20140209100744/http://ss.vix.su/~vjs/rl-arm.html .

Generally it's a good thing to rate-limit; it may help you in case of a DoS attack some day. The defaults should be OK for most cases.
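To make the credit accounting behind "responses-per-second 5; window 5" concrete, here is an added simulation in Python. It is not code from the question, the answer or BIND itself, but a deliberately simplified token-bucket model of the documented behaviour: each bucket starts with responses-per-second × window credits (so 25 here), every identical response to the same client costs one credit, and credits refill at responses-per-second, never above that cap. It goes slightly beyond the answer by also modelling two BIND defaults that the answer does not mention and that this example assumes: clients are aggregated per IPv4 /24 and IPv6 /56 (ipv4-prefix-length / ipv6-prefix-length), and slip 2 turns every second limited response into a truncated (TC=1) reply so a legitimate client can retry over TCP. "Identical response" is reduced to (qname, qtype); real BIND classifies NXDOMAIN and error responses differently and keeps more state, so this shows the shape of the limit, not BIND's exact algorithm. The sample traffic (documentation addresses, example.com) is constructed.

```python
"""Toy model of BIND's response rate limiting (RRL) credit accounting.

Hypothetical simplification for illustration only: one token bucket per
(client prefix, response identity), identity reduced to (qname, qtype).
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass


@dataclass
class RateLimit:
    # The two options from the question, plus BIND defaults assumed here:
    responses_per_second: int = 5
    window: int = 5
    slip: int = 2                 # every 2nd limited response is sent truncated (TC=1); BIND default
    ipv4_prefix_length: int = 24  # clients aggregated per /24 (BIND default)
    ipv6_prefix_length: int = 56  # clients aggregated per /56 for IPv6 (BIND default)


class Rrl:
    def __init__(self, cfg: RateLimit):
        self.cfg = cfg
        # A quiet client can burst up to rate * window identical responses at once.
        self.max_credit = cfg.responses_per_second * cfg.window
        # key -> (credit balance, time of last update, count of limited responses)
        self.buckets: dict = {}

    def client_key(self, addr: str) -> str:
        """Collapse a client address to the prefix BIND would rate-limit on."""
        ip = ipaddress.ip_address(addr)
        plen = self.cfg.ipv4_prefix_length if ip.version == 4 else self.cfg.ipv6_prefix_length
        return str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))

    def decide(self, now: float, client: str, qname: str, qtype: str) -> str:
        """Return 'answer', 'slip' (truncated reply) or 'drop' for one would-be response."""
        key = (self.client_key(client), qname.lower(), qtype.upper())
        balance, last, limited = self.buckets.get(key, (self.max_credit, now, 0))
        # Refill at responses-per-second, but never above the window's worth of credit.
        balance = min(self.max_credit, balance + self.cfg.responses_per_second * (now - last))
        if balance >= 1:
            balance -= 1
            verdict = "answer"
        else:
            limited += 1
            verdict = "slip" if self.cfg.slip and limited % self.cfg.slip == 0 else "drop"
        self.buckets[key] = (balance, now, limited)
        return verdict


def demo(cfg: RateLimit = RateLimit()) -> dict:
    """Drive the model with the question's settings and constructed traffic."""
    rrl = Rrl(cfg)
    q = ("example.com.", "A")
    # 30 identical responses to one client within the same second: 25 pass, 5 are limited.
    burst = Counter(rrl.decide(0.0, "192.0.2.10", *q) for _ in range(30))
    # Another host in the same /24 shares the already-exhausted bucket.
    same_subnet = rrl.decide(0.0, "192.0.2.200", *q)
    # A different name, or a different /24, has its own full bucket.
    other_name = rrl.decide(0.0, "192.0.2.10", "www.example.com.", "A")
    other_client = rrl.decide(0.0, "198.51.100.7", *q)
    # One second later only responses-per-second (5) new credits have accrued.
    after_1s = Counter(rrl.decide(1.0, "192.0.2.10", *q) for _ in range(10))
    # After a long quiet period the bucket is full again, capped at rate * window.
    after_quiet = Counter(rrl.decide(100.0, "192.0.2.10", *q) for _ in range(30))
    return {
        "burst": burst, "same_subnet": same_subnet, "other_name": other_name,
        "other_client": other_client, "after_1s": after_1s, "after_quiet": after_quiet,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {dict(v) if isinstance(v, Counter) else v}")
```

The model makes the practical trade-off visible: the limit only bites on repeated identical answers from one /24, so ordinary clients asking varied questions are untouched, while a busy recursive resolver (or many hosts behind one NAT) that repeats the same popular query more than about 5 times per second will see the excess either truncated, which forces a TCP retry, or dropped.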
