Does compiling in RRL mean its active, even without a rate-limit {} control
block?
The other day, I got reports some service is getting intermittent lookup
failures for our ldap server.
Why these appliances have to query DNS servers many times per second to get
the address of a record with a TTL of 1 day....
In looking at the logs, I saw messages about rate-limit of various subnets.
(but, only for the busiest 2 of 8 caching servers) Starting when I first
updated to 9.9.4-P1. Though both had said they had stopped limiting responses
by the time I looked.
Just in case, I threw in a
rate-limit {
exempt-clients { k-state; };
};
where "k-state" is the same acl used with allow-query {} and allow-recursion {}.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
