These are chat archives for CZ-NIC/knot-resolver

22nd
Feb 2018
Robert Šefr
@robcza
Feb 22 2018 16:49
Hello, I'm wondering whether there is a way to enforce response rate limiting in knot resolver. I believe I've seen an advice to use dynamic lua configuration (here on gitter), but I have no clue how to do it and the documentation provides no hint regarding rate limits. Can you provide an additional hint or snippet? Or am I wrong and it is actually not possible?
Vladimír Čunát
@vcunat
Feb 22 2018 16:57
@robcza: there is currently no support for rate limiting inside kresd. A week ago we mentioned it should be possible to use dnsdist for that, though I personally almost don't know it...
Robert Šefr
@robcza
Feb 22 2018 17:14
@vcunat ok, thank you. I would rather avoid dnsdist as it is another component with additional issues and shields the knot resolver from the source ip information
Vladimír Čunát
@vcunat
Feb 22 2018 17:17
Hmm, right, it does. They are actually proposing a standard in IETF allowing passing of this information by proxies, but that's not finished and in any case it isn't implemented by kresd.