Knowledge Base ISC Main Website Ask a Question/Contact ISC
How do I enable Response Rate Limiting (RRL) on BIND 9.9.4?
Author: ISC Support Reference Number: AA-01058 Views: 14751 Created: 2013-10-01 12:00 Last Updated: 2018-04-20 22:59 0 Rating/ Voters

BIND 9.9.4 (and higher) provides support for Response Rate Limiting (RRL).  However, it is not enabled by default when building BIND.  The reason for this is that BIND 9.9 is an Extended Support Version of BIND and per our policy on mangement of ESVs, we do not introduce any new features or functionality to a stable ESV version.

Therefore the activation of RRL as a new feature must be selected when building BIND via the new configure option --enable-rrl:

$ ./configure --enable-rrl

In the BIND 9.9 subscription-only releases (for example, 9.9.4-S3), RRL is always available, and there is no configure option to enable it.  This will also be the case in BIND 9.10.

© 2001-2018 Internet Systems Consortium

For assistance with problems and questions for which you have not been able to find an answer in our Knowledge Base, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.

ISC relies on the financial support of the community to fund the development of its open source software products. If you would like to support future product evolution and maintenance as well having peace of mind knowing that our team of experts are poised to provide you with individual technical assistance whenever you call upon them, then please consider our Professional Subscription Support services - details can be found on our main website.

Feedback 4
  • #
    [Richard Olsen]: --enable-rrl 2014-01-30 15:44

    It isn't a valid option in the 9.9.4-S3 release? Did it get set as a default option?

  • #
    [Cathy Almond]: Re: --enable-rrl 2014-01-31 11:45

    It's built-in to the subscription versions (and from 9.10 onwards). The reason we made it optional for 9.9 was that to do otherwise, was breaking the rule of 'no new features/functionality' for an extended support version. One of the reasons for the existence of ESV versions of BIND is to ensure that we provide stability along with necessary bug fixes only.

  • #
    [ Josh]: Redhat or CentOS 5.9 cannot compile BIND 9.8.6 and 9.9.4 2013-10-03 09:30

    Dear ISC,

    We are HKIRC, the registry of .hk ccTLD. We found that two new BIND 9.8.6 and 9.9.4 cannot be compiled in Redhat / CentOS 5.4 - 5.9.

    We can apply these two new BIND in Solaris 10, Redhat / CentOS 6.4 , and even the old Solaris 9.

    the following is my command using in compilation.

    for BIND 9.8.6 or older, and BIND 9.9.3 or older

    export STD_CDEFINES

    ./configure --prefix=/usr/local/bind-9.x.y --with-openssl --enable-threads
    make install

    for BIND 9.9.4
    export STD_CDEFINES

    ./configure --prefix=/usr/local/bind-9.9.4 --with-openssl --enable-threads --enable-rrl
    make install

    Would you help to check the problem?


  • #
    [Cathy Almond]: Re: Redhat or CentOS 5.9 cannot compile BIND 9.8.6 and 9.9.4 2013-10-03 10:39

    Please see

Quick Jump Menu