Guillaume-Jean Herbiet
2018-Aug-09 08:18 UTC
[nsd-users] RRL: Whitelist based on client IP address
Hi,

Simple, and possibly silly, question: I am migrating a config from BIND to NSD (4.1.23) that has rate-limit:

    rate-limit {
        responses-per-second 100;
        slip 2;
        ipv4-prefix-length 32;
        ipv6-prefix-length 64;
        exempt-clients { ... };
    }

Hence, I have set the following in my NSD config:

    rrl-ratelimit: 100
    rrl-slip: 2
    rrl-ipv4-prefix-length: 32
    rrl-ipv6-prefix-length: 64
    rrl-whitelist-ratelimit: 0

I would like to apply the 'rrl-whitelist-ratelimit' to some clients (identified by source IP) to mimic the 'exempt-clients' option in BIND. The closest thing I have seen in the '' zone options.

Is RRL whitelisting based on client IP address available in NSD and how to achieve it?

If not, is NOTIFY/AXFR from/to master servers counted in the RRL?

Thanks in advance.

-- 
Guillaume-Jean Herbiet, PhD
System engineer
Fondation RESTENA / dns.lu
2, avenue de l'Université
L-4365 Esch-sur-Alzette
tel.: +352.424409
fax.: +352.422473
https://www.restena.lu https://www.dns.lu
Public key ID: 0x3A4C47C7