Hi Ralph, > On 4 Sep 2018, at 11:17, Ralph Dolmans via Unbound-users > <[email protected]> wrote: > > Hi Fredrik, > > On 03-09-18 16:19, Fredrik Pettai via Unbound-users wrote: >> Hi, >> >> I’m experimenting a bit with the ratelimit features in unbound (1.6.7), >> I just configured example suggestions to see how it turns out. >> >> server: >> ratelimit: 1000 >> ip-ratelimit: 100 >> >> So for instance, I see this in the log: >> >> Sep 3 08:43:09 rl-test unbound: [21732:0] notice: ratelimit exceeded >> 172.17.0.3 100 >> Sep 3 08:43:09 rl-test unbound: [21732:1] notice: ip_ratelimit allowed >> through for ip address 172.17.0.3 >> Sep 3 08:43:09 rl-test unbound: [21732:1] notice: ip_ratelimit allowed >> through for ip address 172.17.0.3 >> Sep 3 08:43:09 rl-test unbound: [21732:2] notice: ip_ratelimit allowed >> through for ip address 172.17.0.3 >> Sep 3 08:43:10 rl-test unbound: [21732:0] notice: ip_ratelimit allowed >> through for ip address 172.17.0.3 >> Sep 3 08:43:10 rl-test unbound: [21732:0] notice: ip_ratelimit allowed >> through for ip address 172.17.0.3 >> >> First line indicate that thread 0 reports that 172.17.0.3 exceeded the >> ip-ratelimit of 100 qps. >> Second to sixth line indicate that thread 0-2 reports that the enforcement >> is released. >> >> I'm thinking / wondering... >> - Wouldn’t be good if first line could mention that it’s the ip-ratelimit >> that kicked in? > > Yes, that would make the logging more consistent. I changed the log line > to "ip_ratelimit exceeded" > >> - Why the repeated/duplicate messages (logged the same second) about >> "allowed through” ? (bug?) > > This is not the release of the limit but the queries that are allowed to > pass based on your ip-ratelimit-factor setting.
Ah, thanks for clarifying. Re, /P
