Question:

BIND DNS rate-limit: qps-scale understanding

Aubrey: 02 February 2022

I have a few questions concerning qps-scale and how it is used when the rate-limit option is used in BIND.

Referencing: http://www.zytrax.com/books/dns/ch7/hkpng.html#rate-limit and https://ftp.isc.org/isc/bind9/9.10.8-P1/doc/arm/Bv9ARM.pdf Page 119

Definition: Range allowed is 1 to very big number (actually 32 bit unsigned value, which is still a very big number). Default is not to apply qps-scaling. The rate limiting function calculates the approximate query per second load on the DNS from all sources (including TCP queries). The qps-scale, if defined, is then applied which may result in a reduction of the user supplied limits, such as responses-per-second during high-load situations. Thus, assume the user defined responses-per-second 10; and a qps-scale 200; then if the DNS server is receiving queries (from all sources, including TCP) at a rate of 500 per second the following algorithm is applied (qps-scale/DNS query arrival rate) * responses-per-second = effective rate-limit, substituting actual values gives (200/500) * 10 = 4, meaning that in the defined load conditions the 5th and subsequent identical response in any 1 second to any specific client will be dropped (or trigger any defined slip parameter action). The qps-scale value, if used, should thus be set to the maximum desired DNS transaction (query response) rate for the server. http://www.zytrax.com/books/dns/ch7/hkpng.html#rate-limit

My questions: With my understanding from reading the definition above, the "DNS query arrival rate" is the current number of queries per second being sent to the DNS server, which changes dynamically, NOT the capacity of queries per second the DNS server is able to handle. Is my understanding true?

How is the "DNS query arrival rate" calculated by the DNS server?

How often is the "DNS query arrival rate" calculated?

If the qps-scale is defined, not 0, will the qps-scale formula always be used? For example: qps-scale 500; responses-per-second 50; "DNS query arrival rate" 200: (500 / 200) * 50 = 125 effective responses-per-second. Or is the qps-scale formula only used when the "DNS query arrival rate" approximates or exceeds the qps-scale value?

Thanks, Brent D

1. The `qps-scale` setting is used to determine a scaling factor for the Response Rate Limiting (https://ftp.isc.org/isc/bind9/cur/9.12/doc/arm/Bv9ARM.ch05.html#rrl) functionality, which limits the rate of identical responses.
3. Every `window` seconds (as part of RRL processing, so only happens if there are actually queries to answer)
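
A simplified one-second model of the formula quoted in the question, added here as an example (it is not BIND source code and not written by either poster). It assumes that scaling only ever lowers the configured limit, with a floor of 1, and that `slip N` turns every Nth rate-limited response into a truncated reply; `effective_limit` and `classify_second` are hypothetical names.

```python
# Added illustration: simplified model of RRL qps-scale, not BIND source code.

def effective_limit(responses_per_second, qps_scale, arrival_qps):
    """Per-client limit after qps-scale is applied.

    Assumption: scaling only lowers the limit (ratio below 1) and the
    result never drops below 1; qps_scale == 0 means scaling is off.
    """
    if qps_scale == 0 or arrival_qps <= qps_scale:
        return responses_per_second
    scaled = int(responses_per_second * qps_scale / arrival_qps)
    return max(1, scaled)


def classify_second(identical_responses, limit, slip=0):
    """Fate of identical responses to one client within one second.

    Responses beyond `limit` are rate limited; with slip=N every Nth of
    those is answered with a truncated (TC) reply instead of dropped.
    """
    sent = min(identical_responses, limit)
    over = identical_responses - sent
    slipped = over // slip if slip else 0
    return {"sent": sent, "slipped": slipped, "dropped": over - slipped}


if __name__ == "__main__":
    # Constructed load levels around the quoted settings
    # (responses-per-second 10, qps-scale 200).
    for qps in (100, 200, 500, 2000, 50000):
        limit = effective_limit(10, 200, qps)
        print(qps, limit, classify_second(12, limit, slip=2))
```
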