Hi,
Simple, and possibly silly, question:
I am migrating a config from BIND to NSD (4.1.23) that has rate-limit:
rate-limit {
responses-per-second 100;
slip 2;
ipv4-prefix-length 32;
ipv6-prefix-length 64;
exempt-clients { ... };
}
Hence, I have set the following in my NSD config:
rrl-ratelimit: 100
rrl-slip: 2
rrl-ipv4-prefix-length: 32
rrl-ipv6-prefix-length: 64
rrl-whitelist-ratelimit: 0
I would like to apply the 'rrl-whitelist-ratelimit' to some clients
(identified by source IP) to mimic the 'exempt-clients' option in BIND.
The closest thing I have seen in the '' zone options.
Is RRL whitelisting based on client IP address available in NSD and how
to achieve it?
If not, is NOTIFY/AXFR from/to master servers counted in the RLL?
Thanks in advance.