testing ratelimiting

Fredrik Pettai pettai at sunet.se
Mon Sep 3 14:19:06 UTC 2018


Hi,

I’m experimenting a bit with the ratelimit features in unbound (1.6.7).
I just configured the example suggestions to see how it turns out.

server:
    ratelimit: 1000
    ip-ratelimit: 100

So for instance, I see this in the log:

Sep  3 08:43:09 rl-test unbound: [21732:0] notice: ratelimit exceeded 172.17.0.3 100
Sep  3 08:43:09 rl-test unbound: [21732:1] notice: ip_ratelimit allowed through for ip address 172.17.0.3
Sep  3 08:43:09 rl-test unbound: [21732:1] notice: ip_ratelimit allowed through for ip address 172.17.0.3
Sep  3 08:43:09 rl-test unbound: [21732:2] notice: ip_ratelimit allowed through for ip address 172.17.0.3
Sep  3 08:43:10 rl-test unbound: [21732:0] notice: ip_ratelimit allowed through for ip address 172.17.0.3
Sep  3 08:43:10 rl-test unbound: [21732:0] notice: ip_ratelimit allowed through for ip address 172.17.0.3

The first line indicates that thread 0 reports that 172.17.0.3 exceeded the ip-ratelimit of 100 qps.
The second to sixth lines indicate that threads 0-2 report that the enforcement is released.

I'm thinking / wondering...
- Wouldn’t it be good if the first line could mention that it’s the ip-ratelimit that kicked in?
- Why the repeated/duplicate messages (logged in the same second) about "allowed through"? (bug?)

Thx,
/P

