Linux – BIND DNS rate-limit: qps-scale understanding


I have a few questions concerning qps-scale and how it is used when the rate-limit option is used in BIND.

Referencing: http://www.zytrax.com/books/dns/ch7/hkpng.html#rate-limit and
https://ftp.isc.org/isc/bind9/9.10.8-P1/doc/arm/Bv9ARM.pdf Page 119

Definition:
Range allowed is 1 to very big number (actually 32 bit unsigned value, which is still a very big number). Default is not to apply qps-scaling. The rate limiting function calculates the approximate query per second load on the DNS from all sources (including TCP queries). The qps-scale, if defined, is then applied which may result in a reduction of the user supplied limits, such as responses-per-second during high-load situations. Thus, assume the user defined responses-per-second 10; and a qps-scale 200; then if the DNS server is receiving queries (from all sources, including TCP) at a rate of 500 per second the following algorithm is applied (qps-scale/DNS query arrival rate) * responses-per-second = effective rate-limit, substituting actual values gives (200/500) * 10 = 4, meaning that in the defined load conditions the 5th and subsequent identical response in any 1 second to any specific client will be dropped (or trigger any defined slip parameter action). The qps-scale value, if used, should thus be set to the maximum desired DNS transaction (query response) rate for the server.
http://www.zytrax.com/books/dns/ch7/hkpng.html#rate-limit

My questions:
With my understanding from reading the definition above, the "DNS query arrival rate" is the current number of queries per second being sent to the DNS server, which changes dynamically, NOT the capacity of queries per second the DNS server is able to handle.
Is my understanding true?

How is the "DNS query arrival rate" calculated by the DNS server?

How often is the "DNS query arrival rate" calculated?

If the qps-scale is defined, not 0, will the qps-scale formula always be used?
For example: qps-scale 500; responses-per-second 50; "DNS query arrival rate" 200
(500 / 200) * 50 = 125 effective responses-per-second
or
is the qps-scale formula only used when the "DNS query arrival rate" is approximate or exceeds the qps-scale value?

Thanks
Brent D

Best Answer

First of all, I will just note that the "definition" you quote and ask about was written by a third party.
I think some of the confusion comes from some strange wording there and I would recommend focusing on the relevant section of the manual as that covers at least some of the things that you ask about.

  1. The qps-scale setting is used to determine a scaling factor for the Response Rate Limiting functionality, which limits the rate of identical responses.
    As far as I can see, the scaling is only recalculated as part of the RRL processing, which is done only after the response is known.

  2. number_of_queries / number_of_seconds

  3. Every window seconds (as part of RRL processing, so only happens if there are actually queries to answer)

  4. "When the approximate query per second rate exceeds the qps-scale value ..."
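
The behaviour described in the answer above, as a simplified model added here (it is not BIND's code and not part of the original answer): the arrival rate is re-estimated as queries divided by seconds once per window, and the limit is scaled only when that estimate exceeds qps-scale. The class and function names, the 15-second window, the floor of 1, and the traffic figures are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass
class QpsScaler:
    """Toy model of RRL qps-scale; names and structure are hypothetical."""
    qps_scale: int                 # 0 means scaling is disabled
    responses_per_second: int      # configured limit
    window: int = 15               # seconds between estimates (assumed value)
    qps: float = 0.0               # most recent arrival-rate estimate
    _count: int = 0                # queries seen since the last estimate
    _start: int = 0                # time of the last estimate

    def observe(self, now: int, queries: int) -> bool:
        """Count queries; once `window` seconds have passed, re-estimate
        qps = number_of_queries / number_of_seconds. True if re-estimated."""
        self._count += queries
        elapsed = now - self._start
        if elapsed < self.window:
            return False
        self.qps = self._count / elapsed
        self._count, self._start = 0, now
        return True

    def effective_limit(self) -> int:
        """Configured limit unless the estimate exceeds qps-scale."""
        if self.qps_scale == 0 or self.qps <= self.qps_scale:
            return self.responses_per_second
        scaled = int(self.responses_per_second * self.qps_scale / self.qps)
        return max(1, scaled)      # assumption: never scale down to zero

def replay(scaler, phases):
    """phases: [(duration_s, queries_per_s)], constructed traffic.
    Returns (time, estimated_qps, effective_limit) at each re-estimate."""
    now, out = 0, []
    for duration, rate in phases:
        for _ in range(duration):
            now += 1
            if scaler.observe(now, rate):
                out.append((now, round(scaler.qps), scaler.effective_limit()))
    return out

if __name__ == "__main__":
    # Values from the quoted definition: rps 10, qps-scale 200, load 500 qps.
    for row in replay(QpsScaler(200, 10), [(15, 100), (15, 500), (15, 50000)]):
        print(row)
    # Values from question 4: qps-scale 500, rps 50, load 200 qps.
    print(replay(QpsScaler(500, 50), [(15, 200)]))
```

In this model the limit only changes at a re-estimate, and a re-estimate only happens while queries are being observed, so the effective limit lags a sudden change in load by up to one window.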
