-
Marek Vavrusa authored
New classes: * ANY (for ANY qtype) * DNSSEC (for qtype = DNSSEC-related record) Now logging when netblock enters/leaves rate limiting. Calculated by the previous window when dt>0 and number of available tokens is zero. Buckets under a slow-start phase cannot reset on subsequent collisions, this is to avoid potential collision attack when two precalculated packets hit the same bucket regularly. This could happen in a legitimate traffic as well (less probably), if it does, the clients won't get completely denied, but will share the remaining rate until the slow-start phases out (1 time window). refs #2136
3d2f8efe