mirror of
https://github.com/NLnetLabs/unbound.git
synced 2026-01-29 17:59:27 -05:00
- Update unbound.conf manpage and example.conf file for ratelimit
options.
parent
c8a6234aac
commit
52283194eb
2 changed files with 18 additions and 1 deletions
|
|
@ -860,6 +860,10 @@ server:
|
|||
# 0 blocks when ratelimited, otherwise let 1/xth traffic through
|
||||
# ratelimit-factor: 10
|
||||
|
||||
# Aggressive rate limit when the limit is reached and until demand has
|
||||
# decreased in a 2 second rate window.
|
||||
# ratelimit-backoff: no
|
||||
|
||||
# override the ratelimit for a specific domain name.
|
||||
# give this setting multiple times to have multiple overrides.
|
||||
# ratelimit-for-domain: example.com 1000
|
||||
|
|
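Review bot: The `# ratelimit-backoff: no` example is added here, but the man page hunks in this commit only add an entry for ip\-ratelimit\-backoff. If ratelimit\-backoff is not already described in the unbound.conf man page, it needs a matching .TP entry. The comment above it also leaves the threshold implicit: "until demand has decreased in a 2 second rate window" does not say below what. Suggest "until demand has decreased below the ratelimit for a 2 second rate window".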
@ -880,6 +884,10 @@ server:
|
|||
# 0 blocks when ip is ratelimited, otherwise let 1/xth traffic through
|
||||
# ip-ratelimit-factor: 10
|
||||
|
||||
# Aggressive rate limit when the limit is reached and until demand has
|
||||
# decreased in a 2 second rate window.
|
||||
# ip-ratelimit-backoff: no
|
||||
|
||||
# Limit the number of connections simultaneous from a netblock
|
||||
# tcp-connection-limit: 192.0.2.0/24 12
|
||||
|
||||
|
|
|
|||
|
|
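Review bot: The comment above `# ip-ratelimit-backoff: no` reads as a complete block, while the man page text added in this same commit says traffic is still let through "except for ip\-ratelimit\-factor". Say so in example.conf as well, since the factor setting sits directly above it. The comment is also word for word the same as the one for ratelimit-backoff, so adding "per IP address" would let someone scanning the file tell the two apart.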
@ -1696,7 +1696,7 @@ to use different settings for a top\-level\-domain and subdomains.
|
|||
A value of 0 will disable ratelimiting for domain names that end in this name.
|
||||
.TP 5
|
||||
.B ip\-ratelimit: \fI<number or 0>
|
||||
Enable global ratelimiting of queries accepted per ip address.
|
||||
Enable global ratelimiting of queries accepted per IP address.
|
||||
If 0, the default, it is disabled. This option is experimental at this time.
|
||||
The ratelimit is in queries per second that are allowed. More queries are
|
||||
completely dropped and will not receive a reply, SERVFAIL or otherwise.
|
||||
|
|
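Review bot: The description of ip\-ratelimit now capitalises "IP address", but the example.conf context line in this commit still reads "# 0 blocks when ip is ratelimited". Bring that comment in line in the same change so both files use one spelling.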
@ -1723,6 +1723,15 @@ This can make ordinary queries complete (if repeatedly queried for),
|
|||
and enter the cache, whilst also mitigating the traffic flow by the
|
||||
factor given.
|
||||
.TP 5
|
||||
.B ip\-ratelimit\-backoff: \fI<yes or no>
|
||||
If enabled, the ratelimit is treated as a hard failure instead of the default
|
||||
maximum allowed constant rate. When the limit is reached, traffic is
|
||||
ratelimited and demand continues to be kept track of for a 2 second rate
|
||||
window. No traffic is allowed, except for ip\-ratelimit\-factor, until demand
|
||||
decreases below the configured ratelimit for a 2 second rate window. Useful to
|
||||
set ip\-ratelimit to a suspicious rate to aggressively limit unusually high
|
||||
traffic. Default is off.
|
||||
.TP 5
|
||||
.B outbound\-msg\-retry: \fI<number>
|
||||
The number of retries Unbound will do in case of a non positive response is
|
||||
received. If a forward nameserver is used, this is the number of retries per
|
||||
|
|
|
|||
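Review bot: The first sentence of the new ip\-ratelimit\-backoff entry, "treated as a hard failure instead of the default maximum allowed constant rate", is hard to parse, and it is the sentence an operator has to understand before turning this on. Suggest stating the two behaviours separately: by default queries up to the limit are answered and the excess is dropped; with backoff, once the limit is reached everything except the ip\-ratelimit\-factor share is dropped until demand falls below the limit for a 2 second window. It would also help to state explicitly whether dropped queries count toward demand, because "demand continues to be kept track of" implies that a client which keeps retrying stays limited. Lastly, the option is declared as `<yes or no>` and example.conf shows `no`, so "Default is no." is more consistent than "Default is off."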