Hi Matthijs, I generally like the idea, and we will discuss it in the team. Could you create and issue in our gitlab for that, so the message doesn't get eaten by our every-hungry INBOXes, please?

Cheers, Ondrej -- Ondřej Surý -- Technical Fellow -------------------------------------------- CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC Milesovska 5, 130 00 Praha 3, Czech Republic mailto:ondrej.sury@nic.cz https://nic.cz/ -------------------------------------------- ----- Original Message ----- > Hi, > > I recently started trying out Knot DNS and it has been a pleasure so > far. I like the query modules and how easy it is to construct a query plan. > > I am thinking of putting knot as the public-facing server and enable RRl > on it. However, I noticed that rate limiting comes *before* forwarding > the unsatisfied query to the remote backend. This means effectively that > all the queries will be rate limited by error classification. > > Wouldn't it be better to apply ratelimits after all stages of the query > plan have been processed? In other words, rate limit based on the final > response, rather than an intermediate state. This way you can truly use > knot as a rate-limiting, public-facing server protecting your backend > name server. > > Thoughts? > > Best regards, > Matthijs > _______________________________________________ > knot-dns-users mailing list > knot-dns-users(a)lists.nic.cz > https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users