Better ratelimiting? (again)

Maciej Gawron gaweron at gmail.com
Wed Jan 16 13:06:43 UTC 2019


Hi,

> 1) Mimic what's common in the "networking world", allowing to configure a (higher) burst limit, could be a way of allowing bursty clients to finish all lookups without getting slowed down by dropped queries.
>
> I like this idea:)
I observe a lot of clients that send a lot of queries in the first second of
data transmission.
The perfect solution (for me ;) would be: if an IP sends more than X queries in Y
seconds, deny all queries from this IP for Z seconds.

Example of my use case:
second 1: Regular Client: 80qps
second 2: Regular Client: 10qps
second 3: Regular Client: 5qps
second 4: Regular Client: 4qps
second 5: Regular Client: 3qps

second 1: Malicious Client: 50qps
second 2: Malicious Client: 50qps
second 3: Malicious Client: 50qps
second 4: Malicious Client: 50qps
second 5: Malicious Client: 50qps

ip-ratelimit 40 might be perfect for the malicious client, but it impacts
the regular client's experience.

Even measuring the number of queries over two seconds (instead of 1) would
make a huge improvement.


BR
M
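The three strategies discussed in the message (a per-second limit of 40, a limit measured over two seconds, and the proposed "more than X queries in Y seconds gets you denied for Z seconds") can be compared on the two traffic shapes given above. The following simulation is an added example and is not code from the message or from Unbound: the per-second limiter is only a simplified model of what `ip-ratelimit` does (it ignores Unbound's slip/partial-answer behaviour), and the X=100, Y=3, Z=10 parameters are chosen here for illustration.

```python
"""Compare per-IP rate-limiting strategies on the two client traces from the post.

Constructed traces (queries per second, taken from the message):
  regular   = [80, 10, 5, 4, 3]    # bursty lookups at start, then quiet
  malicious = [50, 50, 50, 50, 50] # sustained flood
"""
from collections import deque

REGULAR_QPS = [80, 10, 5, 4, 3]
MALICIOUS_QPS = [50, 50, 50, 50, 50]


def expand_trace(qps_per_second):
    """Turn per-second counts into individual query timestamps, spread evenly within each second."""
    times = []
    for second, count in enumerate(qps_per_second):
        times.extend(second + i / count for i in range(count))
    return times


class FixedWindowLimiter:
    """Allow at most `limit` queries per fixed window of `window_seconds`.

    With window_seconds=1 this is a simplified model of a per-second limit such as
    Unbound's ip-ratelimit (assumption: the real implementation also "slips" some
    over-limit queries, which is not modelled here).
    """

    def __init__(self, limit, window_seconds=1.0):
        self.limit = limit
        self.window_seconds = window_seconds
        self.current_window = None
        self.count = 0

    def allow(self, t):
        window = int(t // self.window_seconds)
        if window != self.current_window:
            self.current_window, self.count = window, 0  # new window, reset counter
        if self.count >= self.limit:
            return False
        self.count += 1
        return True


class PenaltyBoxLimiter:
    """The scheme proposed in the post: if an IP sends more than `x` queries within any
    `y`-second sliding window, deny everything from it for `z` seconds."""

    def __init__(self, x, y, z):
        self.x, self.y, self.z = x, y, z
        self.window = deque()  # timestamps of recently answered queries
        self.banned_until = None

    def allow(self, t):
        if self.banned_until is not None and t < self.banned_until:
            return False  # still in the penalty box
        # forget timestamps that fell out of the sliding window (t - y, t]
        while self.window and self.window[0] <= t - self.y:
            self.window.popleft()
        if len(self.window) >= self.x:
            # this is query x+1 within y seconds: trip the penalty
            self.banned_until = t + self.z
            self.window.clear()
            return False
        self.window.append(t)
        return True


def simulate(limiter_factory, qps_per_second):
    """Run one client's trace through a fresh limiter; return (answered, denied)."""
    limiter = limiter_factory()
    answered = denied = 0
    for t in expand_trace(qps_per_second):
        if limiter.allow(t):
            answered += 1
        else:
            denied += 1
    return answered, denied


def compare_strategies():
    """Return {strategy: {"regular": (answered, denied), "malicious": (answered, denied)}}."""
    strategies = {
        "per-second limit 40": lambda: FixedWindowLimiter(40, 1.0),
        "80 per 2-second window": lambda: FixedWindowLimiter(80, 2.0),
        ">100 in 3s => ban 10s": lambda: PenaltyBoxLimiter(100, 3.0, 10.0),
    }
    return {
        name: {"regular": simulate(f, REGULAR_QPS), "malicious": simulate(f, MALICIOUS_QPS)}
        for name, f in strategies.items()
    }


if __name__ == "__main__":
    for name, result in compare_strategies().items():
        print(f"{name:24s} regular (answered, denied)={result['regular']} "
              f"malicious (answered, denied)={result['malicious']}")
```

On these traces the per-second limit of 40 drops 40 of the regular client's 102 queries while still answering 200 of the flood; widening the window to two seconds still costs the regular client its whole second second; the penalty-box variant answers every regular query and cuts the flood off after its 100th query. The trade-off a defender has to weigh is that the penalty box punishes a legitimately bursty client for Z seconds once it trips the threshold, so X and Y have to be set above the largest burst that real clients produce.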