Description

Per issue #664 (closed) and Support ticket https://support.isc.org/Ticket/Display.html?id=13720, it can be hard to determine whether or not a specific server is being limited by fetches-per-server if the quota is not actively being adjusted up or down. The most likely scenario where a server is being invisibly limited is when the quota has already dropped to the lowest value and has been sitting there for some time.

Request

BIND stores the current values of quota and atr (adjusted timeout rate) in the ADB entry for each server IP address.

Whilst dumping cache in order to look at the ADB entries is one way of seeing which servers are currently being rate-limited, this method of checking is not exactly 'accessible' and it would be far nicer to have a feature of rndc that does this and formats them nicely for a DNS administrator or sysadmin.

; problem-server.example.com [v4 TTL 2658] [v4 not_found] [v6 unexpected] ; 192.0.2.25 [srtt 948570] [flags 00004000] [ttl -342230] [atr 0.62] [quota 1]

Obviously, only dump the ones with a non-zero atr and/or quota < fetches-per-server

We could perhaps do something similar for fetches-per-zone.

The option's documentation should clearly indicate that per-zone rate limiting will reset and resume periodically as the zone to server mapping expires from ADB and is renewed. I believe (though happy to be told otherwise) that active address-based ADB entries will persist and not reset while the server is being queried frequently.

Links / references