ip-ratelimit not change in ip_ratelimit_list - after reload
Eric Luehrsen
ericluehrsen at gmail.com
Wed Jul 18 01:22:33 UTC 2018
On 07/17/2018 11:57 AM, Luiz Fernando Softov via Unbound-users wrote:
> Thanks a lot...
>
> I have read the code, there is a 'global' to store the ip-ratelimit.
>
> There is a plan to implement ip-ratelimit filtered by IP/network?
> Something like:
> ip-ratelimit:192.168.1.0/24 200
> ip-ratelimit:192.168.2.0/24 300
> ip-ratelimit:0.0.0.0/0 50
>
> That way, we can have clients with different limitations

Rate per subnet seems like a good idea. This could be used in an
anycast global cluster of Unbound servers. They may prefer queries that
are near over distant. They may prefer known consumer grade ISP blocks
over the rest falling outside the intended audience. It is not desired
to block (firewall) these IP blocks, but rather bias rate preference.

It could be used so that Unbound could serve a public-private split
network such as a restaurant. Less rate for the guest network. If
multiple restaurants are owned, then Unbound at each site can forward to
Unbound at another site (store1234.example.net, via VPN or TLS). These
forwards would be protected at a different rate yet. Each site can use a
dhcp script to insert business network hosts into Unbound (or NSD).

Side note, views can be used to hide the business local domain from
guest network. Views can also be used to block ads, malicious and NSFW
sites on the business network but permit guest uncensored public access.
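
The per-subnet limit proposed in this thread, sketched as an added example that is not part of either post and is not Unbound code: it parses the proposed `ip-ratelimit: <network> <qps>` lines and applies the most specific matching limit per client per second. The two-argument syntax, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the syntax proposed in the thread (hypothetical option form).
PROPOSED_CONFIG = """\
ip-ratelimit: 192.168.1.0/24 200
ip-ratelimit: 192.168.2.0/24 300
ip-ratelimit: 0.0.0.0/0 50
"""

def parse_limits(text):
    """Return [(network, qps)] sorted most-specific prefix first."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, rest = line.partition(":")  # first colon only, so IPv6 nets survive
        if key.strip() != "ip-ratelimit":
            raise ValueError(f"unexpected option: {key!r}")
        net, qps = rest.split()
        # strict=True rejects entries with host bits set, e.g. 192.168.1.5/24
        rules.append((ipaddress.ip_network(net, strict=True), int(qps)))
    rules.sort(key=lambda r: r[0].prefixlen, reverse=True)
    return rules

def limit_for(rules, client):
    """Longest-prefix match; None means no rule covers this client."""
    addr = ipaddress.ip_address(client)
    for net, qps in rules:
        if addr.version == net.version and addr in net:
            return qps
    return None

class SubnetRateLimiter:
    """Fixed one-second window per client IP, limit chosen by subnet."""
    def __init__(self, rules):
        self.rules = rules
        self.window = {}  # client -> [second, queries seen in that second]

    def allow(self, client, now):
        limit = limit_for(self.rules, client)
        if limit is None:
            return True  # assumption: clients without a matching rule are not limited
        second = int(now)
        slot = self.window.get(client)
        if slot is None or slot[0] != second:
            slot = self.window[client] = [second, 0]
        slot[1] += 1
        return slot[1] <= limit
```

Sorting by prefix length means the `0.0.0.0/0` catch-all only applies when no narrower network matches, regardless of the order the lines appear in.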