ip-ratelimit not change in ip_ratelimit_list - after reload

Eric Luehrsen ericluehrsen at gmail.com
Wed Jul 18 01:22:33 UTC 2018

On 07/17/2018 11:57 AM, Luiz Fernando Softov via Unbound-users wrote:
> ​Thanks a lot...
> I have read the code, there is a 'global' to store the ip-ratelimit.
> There is a plan to implement ip-ratelimit filtered by IP/network?
> Something like:
> ip-ratelimit: <>200
> ip-ratelimit: <>300
> ip-ratelimit: <>50
> ​That way, we
>   can have
> ​clients
>   with different limitations

Rate per subnet seems like a good idea. This could be used in an 
any-cast global cluster of Unbound servers. They may prefer queries that 
are near over distant. They may prefer known consumer grade ISP blocks 
over the rest falling outside the intended audience. It is not desired 
to block (firewall) these IP blocks, but rather bias rate preference.

It could be used so that Unbound could serve a public-private split 
network such as a restaurant. Less rate for the guest network. If 
multiple restaurants are owned, then Unbound at each site can forward to 
Unbound at another site (store1234.example.net, via VPN or TLS). These 
forwards would be protected at a different rate yet. Each site can use a 
dhcp script to insert business network hosts into Unbound (or NSD).

Side note, views can be used to hide the business local domain from 
guest network. Vies can also be used to block ads, malicious and NSFW 
sites on the business network but permit guest uncensored public access.

More information about the Unbound-users mailing list