author: Daniel Salzman <daniel.salzman@nic.cz> 2016-12-14 12:44:44 +0100
committer: Daniel Salzman <daniel.salzman@nic.cz> 2016-12-29 16:02:55 +0100
commit: fc71c1f04c3d7709a3b1a8808755877ab4df440e (patch)
tree: 55cd89528924815e50145748fc26cda427fb1161 /doc/configuration.rst
parent: doc: add statistics facility (diff)
download: knot-fc71c1f04c3d7709a3b1a8808755877ab4df440e.tar.xz knot-fc71c1f04c3d7709a3b1a8808755877ab4df440e.zip
module: make a mod-rrl module from query_processing rrl code
Diffstat (limited to 'doc/configuration.rst')
-rw-r--r-- doc/configuration.rst | 25
1 files changed, 0 insertions, 25 deletions
diff --git a/doc/configuration.rst b/doc/configuration.rst index 3972d3893..448523570 100644 --- a/doc/configuration.rst +++ b/doc/configuration.rst @@ -247,31 +247,6 @@ processed:: file: example.com.zone acl: update_acl -Response rate limiting -====================== - -Response rate limiting (RRL) is a method to combat DNS reflection amplification -attacks. These attacks rely on the fact that source address of a UDP query -can be forged, and without a worldwide deployment of `BCP38 -<https://tools.ietf.org/html/bcp38>`_, such a forgery cannot be prevented. -An attacker can use a DNS server (or multiple servers) as an amplification -source and can flood a victim with a large number of unsolicited DNS responses. - -The RRL lowers the amplification factor of these attacks by sending some of -the responses as truncated or by dropping them altogether. - -You can enable RRL by setting the :ref:`server_rate-limit` option in the -:ref:`server section<Server section>`. The option controls how many responses -per second are permitted for each flow. Responses exceeding this rate are -limited. The option :ref:`server_rate-limit-slip` then configures how many -limited responses are sent as truncated (slip) instead of being dropped. - -:: - - server: - rate-limit: 200 # Allow 200 resp/s for each flow - rate-limit-slip: 2 # Every other response slips - .. _dnssec: Automatic DNSSEC signing |
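Review bot: the hunk at @@ -247,31 +247,6 @@ deletes the entire "Response rate limiting" section from configuration.rst (the BCP38 motivation, the description of `rate-limit` as a per-flow responses-per-second cap, the meaning of `rate-limit-slip` as "how many limited responses are sent as truncated instead of dropped", and the `server:` example with `rate-limit: 200` / `rate-limit-slip: 2`) without leaving any pointer to where that material now lives; a reader of the configuration guide is left with no mention of RRL at all. Since the commit message moves the feature into a mod-rrl module, keep a short stub in place of the removed section that cross-references the new module's documentation (for example a one-line paragraph with a `:ref:` to the module's section, using whatever label that section defines), so the amplification-attack rationale and the slip semantics are not lost from the guide. The diffstat is limited to doc/configuration.rst, so the rest of the commit is not visible here; please confirm that the new module section carries an equivalent worked configuration, because the removed `server:` block was the only example of enabling RRL in the docs. The hunk itself is otherwise clean: the `.. _dnssec:` label and the "Automatic DNSSEC signing" heading follow the removed block with the blank line preserved, so the Sphinx structure stays intact.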