The slip parameter affects how rate-limited responses are handled. Say, for example, that 8 responses would be rate-limited. With the default slip=2, 4 of those responses (every other one) would be sent as a truncated response and 4 would not be sent. With slip=0, no responses would be sent. With slip=1, 8 truncated responses would be sent. With slip=4, 2 truncated responses would be sent.
Basically, slip lets some responses get through ("slip") that would otherwise be blocked by RRL.
More information in the official BIND 9.10 ARM, Section 6.2.16.21 "Response Rate Limiting":
Many attacks using DNS involve UDP requests with forged source addresses. Rate limiting prevents the use of BIND 9 to flood a network with responses to requests with forged source addresses, but could let a third party block responses to legitimate requests. There is a mechanism that can answer some legitimate requests from a client whose address is being forged in a flood. Setting slip to 2 (its default) causes every other UDP request to be answered with a small truncated (TC=1) response. The small size and reduced frequency, and so lack of amplification, of "slipped" responses make them unattractive for reflection DoS attacks. slip must be between 0 and 10. A value of 0 does not "slip": no truncated responses are sent due to rate limiting, all responses are dropped. A value of 1 causes every response to slip; values between 2 and 10 cause every n’th response to slip. Some error responses including REFUSED and SERVFAIL cannot be replaced with truncated responses and are instead leaked at the slip rate.
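
The slip behaviour described above, as an added example (not part of the original answer and not BIND's own code): a small Python model that decides the fate of each response RRL has already chosen to limit, including the REFUSED/SERVFAIL case from the ARM text. The function names and the choice of which response within each group of n slips are assumptions; the resulting counts match the figures given above.

```python
from collections import Counter

# Rcodes that, per the ARM text, cannot be replaced by a truncated response.
UNTRUNCATABLE = {"REFUSED", "SERVFAIL"}


def apply_slip(rcodes, slip=2):
    """Model what happens to responses that RRL has already rate-limited.

    rcodes: rcode strings of the rate-limited responses, in arrival order.
    Returns one of "truncated", "leaked" or "dropped" per response.
    """
    if not 0 <= slip <= 10:
        raise ValueError("slip must be between 0 and 10")
    fates = []
    counter = 0
    for rcode in rcodes:
        counter += 1
        # slip=0 never slips; otherwise only every slip-th response gets out.
        if slip == 0 or counter < slip:
            fates.append("dropped")
            continue
        counter = 0  # this response slips; start counting again
        # Assumption: the slipped response is the last of each group of n.
        if rcode in UNTRUNCATABLE:
            fates.append("leaked")  # sent as-is at the slip rate
        else:
            fates.append("truncated")  # small TC=1 reply, client retries over TCP
    return fates


def summarize(rcodes, slip=2):
    """Count the outcomes for a batch of rate-limited responses."""
    return Counter(apply_slip(rcodes, slip))


if __name__ == "__main__":
    limited = ["NOERROR"] * 8  # constructed sample: 8 rate-limited answers
    for slip in (0, 1, 2, 4):
        print(f"slip={slip}: {dict(summarize(limited, slip))}")
    # Constructed sample: error responses leak instead of being truncated.
    print(f"REFUSED, slip=2: {dict(summarize(['REFUSED'] * 8, 2))}")
```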