Move rate-limiting from per-client to per-client-per-domain #1468
What does this implement/fix?
Let me be clear here: Rate-limit is there to protect you. It is not meant as a method to cause pain. What are we protecting against? Basically against Denial of Service (DoS) "attacks" either by a malicious attacker or by some client that has a bug or crashed or ... (you never know, we have seen so many things). If one attacker or misbehaving client can take down your entire network because your DNS resolver runs out of memory - that doesn't sound like something you'd want, right? - and this is where FTL's rate-limiting kicks in, simply discarding queries when there are too many. The default settings are suitable both for home and enterprise, small and huge networks, however, they can always be adjusted (or even disabled) to your liking if you feel you need no DoS-protection.
This PR proposes to change FTL's rate-limiting mechanism from a pure "per-client" to a "per-client and per-domain" scheme. If a client queries domain.com like hell, it will get rate-limited as before. However, any other domain (say example.com) can still be resolved (except, obviously, if it gets queried too often, too).

This reduces the "there is no Internet connection" effect some users reported at the cost of a much less effective rate-limiting as clients and/or malicious attackers can simply evade it by querying varying domains. We have seen this by buggy clients querying seemingly random subdomains - each of them would be counted on their own.
Related issue or feature (if applicable): N/A
Pull request in docs with documentation (if applicable): to be done
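The trade-off described in the PR text above, as an added example that is not FTL's code: a fixed-window counter keyed once per client and once per client and domain, run against a single-domain flood and against ever-changing subdomains. `LIMIT`, `CLIENT`, the counter table and all function names are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#define LIMIT    1000          /* assumed queries allowed per window */
#define MAX_KEYS 4096          /* capacity of this toy counter table */
#define CLIENT   "192.0.2.10"  /* constructed sample client address */

static struct { char key[96]; unsigned count; } table[MAX_KEYS];
static size_t used;

/* Count one query under key; return 1 if answered, 0 if discarded. */
static int allow(const char *key)
{
    size_t i = 0;
    while (i < used && strcmp(table[i].key, key) != 0) i++;
    if (i == used) {           /* first query for this key in the window */
        if (used == MAX_KEYS) return 0;
        snprintf(table[used].key, sizeof table[used].key, "%s", key);
        table[used++].count = 0;
    }
    return ++table[i].count <= LIMIT;
}

/* CLIENT sends n queries in one window; returns how many were answered. */
unsigned simulate(int per_domain, int vary, unsigned n)
{
    char domain[64], key[96];
    unsigned answered = 0;
    used = 0;                  /* new window: forget all counters */
    for (unsigned q = 0; q < n; q++) {
        if (vary) snprintf(domain, sizeof domain, "r%u.example.com", q);
        else      snprintf(domain, sizeof domain, "domain.com");
        if (per_domain) snprintf(key, sizeof key, "%s|%s", CLIENT, domain);
        else            snprintf(key, sizeof key, "%s", CLIENT);
        answered += allow(key);
    }
    return answered;
}

/* After n queries for domain.com, is a query for example.com still answered? */
int other_domain_ok(int per_domain, unsigned n)
{
    simulate(per_domain, 0, n);
    return allow(per_domain ? CLIENT "|example.com" : CLIENT);
}
int main(void)
{
    printf("varying subdomains answered: per-client %u, per-domain %u\n", simulate(0, 1, 3000), simulate(1, 1, 3000));
    printf("example.com after flood: per-client %d, per-domain %d\n", other_domain_ok(0, 3000), other_domain_ok(1, 3000));
    return 0;
}
```

With per-client keys the 3000 varying queries are capped at the limit; with per-client-per-domain keys every one of them lands in its own counter and is answered, while the single-domain flood is capped identically under both schemes.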