Response Rate Limiting in the Domain Name System (DNS RRL)
This page describes DNS Response Rate Limiting (DNS RRL), an experimental feature for domain name servers including CZ-NIC Knot DNS, NLNetLabs NSD, and ISC BIND9.
These patches and instructions pertain to authority name servers or authoritative views. Use of this kind of rate limiting for recursive or hybrid servers or views is currently unspecified.
Note Well: This is DNS RRL, meant to be implemented in many different name servers. It is not a BIND-specific feature, even though BIND was the first name server for which DNS RRL was implemented. DNS RRL will eventually be submitted to the IETF for standardization work. The need for DNS RRL is immediate and pressing, and the IETF processing of this work was therefore planned to come last rather than first.
Instructions for BIND9:
Please consider joining the ratelimits mailing list in order to join discussions about this technology. Especially interesting are stories of what worked and what did not work.
This work is a joint effort by Vernon Schryver and Paul Vixie.