I'm wanting to implement some rate-limiting onto our named servers and am looking for some help on making sure the values are "sane". This is what I'm thinking...

rate-limit { errors-per-second 2; responses-per-second 15; window 60; };

Even after reading the docs, I'm still not 100% sure how "window" works in this case, so I just wanted to get an outside opinion. Do these values look 'sane' for general-purpose DDOS protection? Thoughts?

Egyas
It is quite subjective and you are not giving a lot of details on your current setup, like the current rate of requests you get, and what kind of DDOS you expect. Nor a ballpark of the number of zones/records, or even the BIND version you use. You can also start with the mechanism only in logging mode so that you can see what would happen. It would be a better set of data than anything theoretical one can say. – Patrick Mevzek Sep 01 '21 at 21:31
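How `window` changes behaviour for the values in the question, as an added example that is not part of the original post and not BIND's code: a simplified model of the credit account the BIND reference manual describes for `rate-limit` (each second adds `responses-per-second` credits, each prospective response debits one, and the balance is clamped between +rate and -window × rate). The function names and the flood figures are constructed for illustration; `slip`, per-netblock grouping and `errors-per-second` are not modelled.

```python
"""Simplified model of one BIND RRL account (illustration, not BIND source)."""


def simulate(per_second, window, offered):
    """Run one account over len(offered) seconds.

    offered[i] is the number of identical responses wanted in second i
    (constructed input). Returns one (sent, limited, balance) tuple per second.
    """
    balance = per_second              # assumption: a fresh account starts full
    floor = -window * per_second      # deepest debt the account can reach
    trace = []
    for second, wanted in enumerate(offered):
        if second > 0:
            # One second of credit, never above the per-second limit.
            balance = min(per_second, balance + per_second)
        sent = limited = 0
        for _ in range(wanted):
            balance = max(floor, balance - 1)   # every prospective response debits
            if balance < 0:
                limited += 1                    # dropped (or slipped) while negative
            else:
                sent += 1
        trace.append((sent, limited, balance))
    return trace


def seconds_until_answered(per_second, window, flood_rate, flood_seconds):
    """Seconds after a flood ends before a 1/s stream of the same response
    (a hypothetical legitimate client in the same account) is answered again."""
    quiet = 2 * window + 5
    trace = simulate(per_second, window,
                     [flood_rate] * flood_seconds + [1] * quiet)
    for elapsed, (sent, _, _) in enumerate(trace[flood_seconds:], start=1):
        if sent:
            return elapsed
    return None


if __name__ == "__main__":
    for w in (15, 60):   # 60 is the value from the question
        print(f"window {w}: floor {-w * 15}, answered again after "
              f"{seconds_until_answered(15, w, 1000, 10)} s")
```

In this model a sustained flood leaves the account at -900 with the question's values, so matching responses stay limited for about 65 seconds after the flood stops, against 17 seconds with a window of 15.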

0 Answers