2.2.16.2.1 DNS_RPC_RRL_PARAMS
The DNS_RPC_RRL_PARAMS structure SHOULD<93> contain the configuration parameters for the Response Rate Limiting capability configured on the DNS server.
typedef struct _DnsRRLParams_ {
    DWORD dwResponsesPerSecond;
    DWORD dwErrorsPerSecond;
    DWORD dwLeakRate;
    DWORD dwTCRate;
    DWORD dwTotalResponsesInWindow;
    DWORD dwWindowSize;
    DWORD dwIPv4PrefixLength;
    DWORD dwIPv6PrefixLength;
    DNS_RRL_MODE_ENUM eMode;
    DWORD dwFlags;
    BOOL fSetDefault;
} DNS_RPC_RRL_PARAMS, *PDNS_RPC_RRL_PARAMS;
dwResponsesPerSecond: The maximum number of responses a DNS server can give for each successful "unique response" in one-second intervals. A DNS response is considered a unique response if the combination of the following parameters is unique: the requestor's IP address, masked according to either dwIPv4PrefixLength or dwIPv6PrefixLength; an imputed domain name that is either a wildcard (if a wildcard match occurred), the zone name (if no match occurred), or the query name; and a Boolean error indicator (response code Refused, FormError, or ServFail).
This parameter can be set to any positive integer; the default value is 5.
dwErrorsPerSecond: The maximum number of responses a DNS server can give for queries resulting in error (ServFail, FormError, Refused) in one-second intervals. This parameter can be set to any positive integer; the default value is 5.
dwLeakRate: When a query would be dropped due to rate limiting, the DNS server instead responds to one out of every dwLeakRate such queries. The default value for this parameter is 3. This parameter can be set to any integer greater than 1, or to 0, which disables the behavior.
dwTCRate: When a query would be dropped due to rate limiting, the DNS server instead returns a truncated response (TC bit set, so that a legitimate client retries over TCP) to one out of every dwTCRate such queries. The default value for this parameter is 2. This parameter can be set to any integer greater than 1, or to 0, which disables the behavior (see [RRL] section 2.2.8).
dwTotalResponsesInWindow: The maximum number of responses the DNS server can give for each "unique response" within the window defined by dwWindowSize. See dwResponsesPerSecond for the definition of "unique response". This total includes responses sent because of the leak rate and the truncation rate as well as those allowed by dwResponsesPerSecond or dwErrorsPerSecond. The default value for this parameter is 1024. This parameter can be set to any positive integer.
dwWindowSize: The duration, in seconds, where the state of dwTotalResponsesInWindow is maintained for each "unique response". See dwResponsesPerSecond for the definition of "unique response". After this duration, the value for dwTotalResponsesInWindow is reset to 0. The default value for this parameter is 5. The parameter can be set to any positive integer (see [RRL] section 2.2.4).
dwIPv4PrefixLength: Controls how DNS query source IPv4 addresses are grouped into buckets: all addresses that share the same dwIPv4PrefixLength-bit prefix fall into one bucket, so each bucket covers 2^(32 - dwIPv4PrefixLength) addresses. The default value for this parameter is 24, that is, buckets of 256 addresses. The parameter can be set to any integer between 0 and 32.
dwIPv6PrefixLength: Controls how DNS query source IPv6 addresses are grouped into buckets: all addresses that share the same dwIPv6PrefixLength-bit prefix fall into one bucket, so each bucket covers 2^(128 - dwIPv6PrefixLength) addresses. The default value for this parameter is 56. The parameter can be set to any integer between 0 and 128.
eMode: The mode in which RRL functions on the DNS server, as a DNS_RRL_MODE_ENUM value.
dwFlags: This is used during an update of the DNS Response Rate Limiting configuration. Each bit indicates which member of the structure is to be updated. For the possible values, see section 2.2.16.1.1. For details on how the flags are used when setting RRL, see the SetRRL operation in section 3.1.4.1. For any configuration parameter whose bit is not set in dwFlags, the default value shown in the following table is applied:
RRL Configuration Parameter      Default Value
dwResponsesPerSecond             5
dwErrorsPerSecond                5
dwLeakRate                       3
dwTCRate                         2
dwTotalResponsesInWindow         1024
dwWindowSize                     5
dwIPv4PrefixLength               24
dwIPv6PrefixLength               56
eMode                            DnsRRLDisabled
fSetDefault: Set this value to TRUE to set RRL parameters to their default values. This parameter does not affect the eMode parameter of RRL.
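The following is an added example, not code from MS-DNSP or from the Windows DNS server. It mirrors the field order of DNS_RPC_RRL_PARAMS with ctypes, derives the "unique response" key from a source address masked to the configured prefix length (showing that the bucket holds 2^(32 - prefix) or 2^(128 - prefix) addresses), and runs a simplified model of the counters described under dwResponsesPerSecond, dwErrorsPerSecond, dwLeakRate, dwTCRate and dwTotalResponsesInWindow. The numeric values chosen for DNS_RRL_MODE_ENUM, the order in which leak and TC are evaluated, and the way leaked and truncated responses are charged to the window are assumptions made for the model; the server's exact accounting is not specified in this section.

```python
import ctypes
import ipaddress
from collections import defaultdict

# DNS_RRL_MODE_ENUM: the numeric values here are an assumption for this model only.
MODE_LOG_ONLY, MODE_ENABLED, MODE_DISABLED = 0, 1, 2


class DNS_RPC_RRL_PARAMS(ctypes.Structure):
    """In-memory layout of the typedef: eleven 32-bit members, 44 bytes."""
    _fields_ = [
        ("dwResponsesPerSecond", ctypes.c_uint32),
        ("dwErrorsPerSecond", ctypes.c_uint32),
        ("dwLeakRate", ctypes.c_uint32),
        ("dwTCRate", ctypes.c_uint32),
        ("dwTotalResponsesInWindow", ctypes.c_uint32),
        ("dwWindowSize", ctypes.c_uint32),
        ("dwIPv4PrefixLength", ctypes.c_uint32),
        ("dwIPv6PrefixLength", ctypes.c_uint32),
        ("eMode", ctypes.c_int32),        # DNS_RRL_MODE_ENUM
        ("dwFlags", ctypes.c_uint32),
        ("fSetDefault", ctypes.c_int32),  # BOOL
    ]


def default_params(mode=MODE_DISABLED):
    """The defaults from the table in this section; eMode is passed in because
    fSetDefault does not touch it."""
    return DNS_RPC_RRL_PARAMS(5, 5, 3, 2, 1024, 5, 24, 56, mode, 0, 0)


def bucket_size(prefix_length, version):
    """Addresses per bucket: 2^(32 - prefix) for IPv4, 2^(128 - prefix) for IPv6."""
    bits = 32 if version == 4 else 128
    return 2 ** (bits - prefix_length)


def masked_source(src_ip, params):
    """Requestor address masked to the configured prefix length (its bucket)."""
    ip = ipaddress.ip_address(src_ip)
    plen = params.dwIPv4PrefixLength if ip.version == 4 else params.dwIPv6PrefixLength
    return str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))


def unique_response_key(src_ip, imputed_name, is_error, params):
    """The 'unique response' tuple: masked requestor, imputed name (wildcard,
    zone name or query name, chosen by the caller) and the error indicator."""
    return (masked_source(src_ip, params), imputed_name.lower().rstrip("."), bool(is_error))


class RateLimiter:
    """Simplified model of the documented counters. Assumptions: the leak check
    runs before the TC check, and leaked and truncated responses both count
    toward dwTotalResponsesInWindow."""

    def __init__(self, params):
        self.p = params
        self.per_second = defaultdict(int)   # (key, second) -> responses sent
        self.per_window = defaultdict(int)   # (key, window index) -> responses sent
        self.suppressed = defaultdict(int)   # key -> queries that exceeded the limit

    def decide(self, key, now):
        """Return 'answer', 'truncate' or 'drop' for a query arriving at time now."""
        p = self.p
        if p.eMode != MODE_ENABLED:          # Disabled, or LogOnly (log but still answer)
            return "answer"
        limit = p.dwErrorsPerSecond if key[2] else p.dwResponsesPerSecond
        sec = (key, int(now))
        win = (key, int(now) // p.dwWindowSize)
        if self.per_window[win] >= p.dwTotalResponsesInWindow:
            return "drop"                    # window budget exhausted: no leak, no TC
        if self.per_second[sec] < limit:
            self.per_second[sec] += 1
            self.per_window[win] += 1
            return "answer"
        self.suppressed[key] += 1            # over the per-second limit
        n = self.suppressed[key]
        if p.dwLeakRate and n % p.dwLeakRate == 0:
            self.per_window[win] += 1
            return "answer"                  # one in dwLeakRate leaks through
        if p.dwTCRate and n % p.dwTCRate == 0:
            self.per_window[win] += 1
            return "truncate"                # one in dwTCRate gets TC=1
        return "drop"


def simulate(params, src_ip, imputed_name, is_error, n_queries, start=1000.0):
    """Send n_queries identical queries within one second and tally the decisions
    (constructed traffic, e.g. a reflection attack spoofing one victim address)."""
    rl = RateLimiter(params)
    key = unique_response_key(src_ip, imputed_name, is_error, params)
    counts = {"answer": 0, "truncate": 0, "drop": 0}
    for i in range(n_queries):
        counts[rl.decide(key, start + i * 0.01)] += 1
    return counts


if __name__ == "__main__":
    p = default_params(MODE_ENABLED)
    print(ctypes.sizeof(p), masked_source("192.0.2.77", p), masked_source("2001:db8:1:2:3::4", p))
    print(simulate(p, "192.0.2.77", "example.com", False, 20))
```

With the defaults and 20 identical queries in one second, the first 5 are answered, and of the remaining 15 the leak rate answers 5, the TC rate truncates 5 and 5 are dropped, so an attacker spoofing a victim's address gets amplified traffic for only a third of the flood while a real client still receives a usable answer or a TC response to retry over TCP. Lowering dwTotalResponsesInWindow shows the window cap overriding both leak and TC once it is exhausted.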