add rate limit options #118

Open
wispr opened this Issue Jul 1, 2014 · 3 comments

wispr commented Jul 1, 2014

Rate limiting was introduced in 9.10 of BIND and is a great tool to limit DDoS attacks, but the option is missing in global and view options.
http://www.zytrax.com/books/dns/ch7/hkpng.html#rate-limit

framirezu commented Jul 7, 2014

This is a necessary requirement for large deployments.
I join. +1

@WillyXJ WillyXJ added this to the 2.0 release milestone Aug 22, 2014

WillyXJ added a commit that referenced this issue Dec 18, 2014

WillyXJ added a commit that referenced this issue Jan 2, 2015

fmDNS - #118 - Improved ratelimit support
Just need to support multiple responses-per-second in the buildconf

WillyXJ added a commit that referenced this issue Jan 2, 2015

fmDNS - #118 - Fixed ratelimit buildconf
Multiple responses-per-second are now built

Owner

WillyXJ commented Jan 2, 2015

This support has been added to v2.0-alpha2 and later for BIND 9.9.4 and later.

@WillyXJ WillyXJ closed this Jan 2, 2015

Owner

WillyXJ commented Dec 7, 2016

It seems named does not allow for multiple rate-limit declarations - at least in my additional tests - even though the zytrax page shows multiples are allowed.

Sep 19 16:28:42 fm-dns-t4 named[1342]: loading configuration from '/etc/bind/named.conf'
Sep 19 16:28:42 fm-dns-t4 named[1342]: /etc/bind/named.conf.options:82: 'rate-limit' redefined near 'rate-limit'

Here are the relevant entries in my test named.conf:

77 	rate-limit {
78 		all-per-second 600;
79 		errors-per-second 80;
80 		max-table-size 153;
81 	};
82 	rate-limit {
83 		domain sub.test-domain.com;
84 		all-per-second 10;
85 	};

This particular test system is running BIND 9.9.5-9+deb8u6-Debian and ISC states 9.9.4 and later have rate-limit support. Has anyone got a working configuration with multiple rate-limit options defined or does it truly only support one declaration?

@WillyXJ WillyXJ reopened this Dec 7, 2016

@WillyXJ WillyXJ added the Help Wanted label Mar 27, 2017
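
A pre-deployment check for the failure in the log above, as an added example that is not part of the original thread or of fmDNS: it scans generated named.conf text and reports every block that contains more than one `rate-limit` clause, the condition named rejected as "redefined". The function names, the simplified brace-depth parser, and the choice to treat `options` and each `view` as separate scopes are assumptions of this example.

```python
import re

# Constructed sample modeled on the named.conf.options excerpt in the thread;
# line numbers reported below are relative to this string, not to that file.
SAMPLE = """\
options {
    rate-limit {
        all-per-second 600;
        errors-per-second 80;
        max-table-size 153;
    };
    rate-limit {
        domain sub.test-domain.com;
        all-per-second 10;
    };
};
view "internal" {
    rate-limit { responses-per-second 5; };
};
"""

TOKEN = re.compile(r'"[^"\n]*"|[{};]|[^\s{};"]+')

def strip_comments(text):
    """Remove /* */, // and # comments, keeping newlines so line numbers hold."""
    blank = lambda m: re.sub(r"[^\n]", " ", m.group())
    text = re.sub(r"/\*.*?\*/", blank, text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def find_duplicate_clauses(conf, clause="rate-limit"):
    """Return (scope, first_line, repeat_line) for each repeat of clause in one block."""
    findings, stmt = [], []
    stack = [("<top>", {})]  # (block label, {clause: line first seen})
    for lineno, line in enumerate(strip_comments(conf).splitlines(), 1):
        for tok in TOKEN.findall(line):
            if tok == "{":  # the statement read so far opens a new scope
                stack.append((" ".join(stmt) or "<anon>", {}))
            elif tok == "}" and len(stack) > 1:
                stack.pop()
            elif tok not in ("{", "}", ";"):
                label, seen = stack[-1]
                if not stmt and tok == clause:  # clause name starts a statement
                    if clause in seen:
                        findings.append((label, seen[clause], lineno))
                    seen.setdefault(clause, lineno)
                stmt.append(tok)
                continue
            stmt = []  # "{", "}" and ";" all end the current statement
    return findings
```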
