
named rate limiting - DDOS prevention


I'm wanting to implement some rate-limiting onto our named servers and am looking for some help on making sure the values are "sane". This is what I'm thinking...

rate-limit {
    errors-per-second 2;
    responses-per-second 15;
    window 60;
};

Even after reading the docs, I'm still not 100% sure on how "window" is working in this case, so I just wanted to get an outside opinion. Do these values look 'sane' for general-purpose DDOS protection? Thoughts?

Patrick Mevzek (comment):

It is quite subjective and you are not giving a lot of details on your current setup, like the current rate of requests you get and what kind of DDOS you expect, nor a ballpark number of zones/records or even the bind version you use. You can also start with the mechanism only in logging mode so that you can see what would happen. It would be a better set of data than anything theoretical one can say.
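A monitoring-first version of the asker's stanza, added here as an example and not taken from anyone in this thread. It keeps the asker's numbers, turns on BIND's log-only mode so nothing is actually dropped yet, and routes the rate-limit log category to its own file; the ACL entries and the log path are placeholders to replace with your own values.

```conf
options {
    // Added example: the asker's values, but run in log-only mode first.
    // In this mode responses that would have been dropped or slipped are only
    // logged, so the limits can be tuned against real traffic before they
    // start affecting answers.
    rate-limit {
        responses-per-second 15;   // identical responses per client block (IPv4 default prefix /24)
        errors-per-second 2;       // error responses (e.g. REFUSED, SERVFAIL) per client block
        window 60;                 // seconds over which the per-client rate is averaged (BIND default 15);
                                   // a larger window permits larger bursts before limiting starts
        slip 2;                    // every 2nd limited response goes out truncated (TC=1), so
                                   // legitimate clients retry over TCP instead of timing out
        exempt-clients { localhost; 192.0.2.0/24; };  // placeholder: your own resolvers/monitoring
        log-only yes;              // measure first; remove this line once the rates are tuned
    };
};

logging {
    channel rrl_log {
        file "/var/log/named/rrl.log" versions 3 size 10m;  // assumed path
        severity info;
        print-time yes;
    };
    category rate-limit { rrl_log; };   // BIND's RRL log category
};
```

Validate with `named-checkconf` before reloading; the rrl.log lines then show which client blocks and which responses would have been limited at these values.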