I do not find an option in NSD 3.2.15 nsd.conf to control the rate of
SLIP responses (truncated responses because the request was
rate-limited). BIND's RRL patch has it.
Apparently, NSD, by default, sends a lot of SLIP responses. Yes, they
are small but I would like to have fewer of them.
a message of 10 lines which said:
> I do not find an option in NSD 3.2.15 nsd.conf to control the rate
> of SLIP responses (truncated responses because the request was
> rate-limited).
Even when reading the source code. The rate of 1/2 seems hardcoded.
    /* discard half the packets, randomly */
    if((random() & 0x1)) {
Also, I wouldn't mind having an option to control the length of the
rate-limited prefixes (it's also hardcoded).
    /* we take a /24 for IPv4 and /64 for IPv6 */
    ...
    return ((struct sockaddr_in*)&query->addr)->
        sin_addr.s_addr & htonl(0xffffff00);
a message of 10 lines which said:
> I do not find an option in NSD 3.2.15 nsd.conf to control the rate of
> SLIP responses (truncated responses because the request was
> rate-limited). BIND's RRL patch has it.
> Apparently, NSD, by default, sends a lot of SLIP responses. Yes, they
> are small but I would like to have fewer of them.
Here is a proposed patch (the variable rrl-slip has the same behavior
as the BIND variable) against branch 3.2.
Tested and seems to work.
(attachments)
nsd-rrl-slip.patch (7.74 KB)
Hi Stephane,
Sorry for the late reply, but this did end up on my to do for NSD
3.2.16. Your patch looks good, I am planning to commit it to the
repository with a few changes (for example, we probably don't want to
enforce a max slip of 5).
Best regards,
Matthijs
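
The two hardcoded values discussed in this thread (the 1/2 slip ratio and the /24 and /64 prefix lengths) written as parameters, as an added example: this is not NSD's code and not the attached patch. The function names are hypothetical, the slip values follow BIND's documented meaning (0 = never, 1 = always, N = every Nth), and a per-bucket counter replaces the random() coin flip so the ratio is exact.

```c
#include <stdint.h>
#include <stdio.h>
#include <arpa/inet.h>

/* Zero the host bits of a network-order address (len 4 or 16) so every
 * client in the same prefix lands in the same rate-limit bucket. */
static void rrl_mask(uint8_t *addr, size_t len, unsigned bits)
{
    for (size_t i = 0; i < len; i++) {
        if (bits >= 8) { bits -= 8; continue; }  /* byte fully in prefix */
        addr[i] &= (uint8_t)(0xff00u >> bits);   /* partial or host byte */
        bits = 0;
    }
}

/* IPv4 bucket key from s_addr (network byte order), as in the excerpt,
 * but with the prefix length as a parameter instead of a fixed /24. */
static uint32_t rrl_v4_key(uint32_t s_addr, unsigned bits)
{
    rrl_mask((uint8_t *)&s_addr, sizeof s_addr, bits);
    return s_addr;
}

/* For a query already over the limit: 1 = answer truncated (TC=1),
 * 0 = drop silently. slip 0 never answers, 1 always, N every Nth.
 * The per-bucket counter is this example's choice (assumption). */
static int rrl_slip(unsigned slip, unsigned *counter)
{
    if (slip <= 1) return (int)slip;
    if (++*counter < slip) return 0;
    *counter = 0;
    return 1;
}

/* Count truncated replies sent for n over-limit queries in one bucket. */
static unsigned rrl_slipped(unsigned slip, unsigned n)
{
    unsigned counter = 0, sent = 0;
    while (n--) sent += (unsigned)rrl_slip(slip, &counter);
    return sent;
}

int main(void)
{
    /* Constructed sample: 192.0.2.99 and 1000 over-limit queries. */
    printf("bucket %08x\n", (unsigned)ntohl(rrl_v4_key(htonl(0xC0000263u), 24)));
    for (unsigned slip = 0; slip <= 5; slip++)
        printf("slip=%u -> %u truncated\n", slip, rrl_slipped(slip, 1000));
    return 0;
}
```

The same `rrl_mask` call with `len` 16 and `bits` 64 gives the IPv6 bucket.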