In my DNS server's named.conf I see
rate-limit {
responses-per-second 5;
window 5;
};
What does this actually mean? And can it cause DNS clients problems?
Is this too tight a configuration?
Tags: bind, domain-name-system, named-conf
Best Answer
It limits the number of identical responses a single DNS client can get in a second. The "window 5" option allows a burst of 5*5 responses. "Identical responses" and "single DNS client" are a bit non-obvious terms here, read this for more info: http://web.archive.org/web/20140209100744/http://ss.vix.su/~vjs/rl-arm.html .
Generally it's a good thing to rate-limit; it may help you in case of a DoS attack some day. The defaults should be OK for most cases.
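To make the "5 per second, burst of 5*5" behaviour from the answer concrete, here is a simplified credit-bucket model of BIND's response rate limiting, added as an illustration and not taken from BIND's own rrl code. It assumes a bucket keyed on the client's /24 plus the response's name and type, a bucket that starts full at responses-per-second * window credits and refills at responses-per-second credits per second, and a plain allow/drop decision (real RRL can also "slip" a truncated reply instead of dropping).

```python
from ipaddress import ip_network

# Values taken from the rate-limit block in the question.
RESPONSES_PER_SECOND = 5
WINDOW = 5


class SimpleRrl:
    """Simplified credit-bucket model of BIND response rate limiting.

    Assumptions (this model, not BIND's exact accounting): each bucket
    starts with rps * window credits, refills at rps credits per second,
    never banks more than rps * window, and one credit buys one response.
    Buckets are keyed on the client's /24 network plus (qname, qtype),
    approximating "identical responses" to a "single DNS client".
    """

    def __init__(self, rps=RESPONSES_PER_SECOND, window=WINDOW, prefix_len=24):
        self.rps = rps
        self.burst = rps * window
        self.prefix_len = prefix_len
        self.balance = {}    # bucket key -> remaining credits
        self.last_seen = {}  # bucket key -> time of last decision (seconds)

    def _key(self, client_ip, qname, qtype):
        net = ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        return (str(net), qname.lower().rstrip("."), qtype.upper())

    def allow(self, now, client_ip, qname, qtype):
        """Return True if the response may be sent at time `now` (seconds)."""
        key = self._key(client_ip, qname, qtype)
        if key not in self.balance:
            self.balance[key] = self.burst            # new bucket starts full
        else:
            elapsed = now - self.last_seen[key]
            refill = self.balance[key] + elapsed * self.rps
            self.balance[key] = min(self.burst, refill)
        self.last_seen[key] = now
        if self.balance[key] >= 1:
            self.balance[key] -= 1
            return True
        return False


def replay(events, rrl):
    """Feed (time, client_ip, qname, qtype) tuples through the limiter."""
    return [rrl.allow(t, ip, name, qtype) for (t, ip, name, qtype) in events]
```

With the question's settings, 30 identical queries from one /24 in the same second get 25 answers and 5 drops, and one second later the same bucket has 5 credits again while other clients and other names are unaffected.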