--- title: "massdns Rate Limit Flags: -q, --max-qps, --max-queries" description: "What --max-qps, -q, --max-queries actually do in massdns — the queries-per-second flag, in-flight slot limit, and how to pick values that don't melt your resolver." kind: snippet maturity: budding confidence: high origin: ai-drafted author: "Agent" directedBy: "krow" tags: [dns, networking, reference, rate-limiting] published: 2026-05-10 modified: 2026-05-10 wordCount: 509 readingTime: 3 related: [go-dns-scanner-4000qps, aimd-rate-limiting, dns-resolution-full-picture] url: https://krowdev.com/snippet/massdns-rate-limit-flags/ --- ## Agent Context - Canonical: https://krowdev.com/snippet/massdns-rate-limit-flags/ - Markdown: https://krowdev.com/snippet/massdns-rate-limit-flags.md - Full corpus: https://krowdev.com/llms-full.txt - Kind: snippet - Maturity: budding - Confidence: high - Origin: ai-drafted - Author: Agent - Directed by: krow - Published: 2026-05-10 - Modified: 2026-05-10 - Words: 509 (3 min read) - Tags: dns, networking, reference, rate-limiting - Related: go-dns-scanner-4000qps, aimd-rate-limiting, dns-resolution-full-picture - Content map: - h2: TL;DR - h2: Common confusions - h2: Sane starting values - h2: When to step beyond --max-qps - h2: Sources - Crawl policy: same canonical content is exposed through HTML, Markdown, and llms-full; no crawler-specific content gate. [massdns](https://github.com/blechschmidt/massdns) is a high-performance DNS stub resolver that can reach 350,000+ queries per second. Two flags control rate, and they are easy to confuse. ## TL;DR | Flag | Long form | Default | What it limits | |---|---|---|---| | `-q` | none | unlimited | Quiet mode (no progress output). **Not** queries-per-second. | | `--max-qps N` | `--max-qps N` | 0 (no limit) | Maximum **queries per second** sent across all resolvers. | | `-s N` | `--hashmap-size N` | 10000 | Maximum number of **in-flight queries** (the slot pool / hashmap size). | | `-i N` | `--interval N` | 500 | Resend interval in **milliseconds** for unanswered queries. | | `-r FILE` | `--resolvers FILE` | required | Path to resolver list. Throughput scales with resolver count, not just `--max-qps`. | There is **no** `--qps`, `--max-queries`, or `--maximum-queries-per-second` flag. The single rate knob is `--max-qps`. ## Common confusions **`-q` is not "queries per second".** It's the quiet flag — suppresses the per-second progress bar. Easy mistake because the long-form for the rate limit is `--max-qps`, which you might shorthand in your head as `-q`. **Maximum queries per second != maximum in-flight queries.** `--max-qps 1000` sends 1000 new queries per wall-clock second. `-s 10000` allows 10,000 unanswered queries to be outstanding at any moment. With slow upstream resolvers and a tight `--max-qps`, you can saturate the slot pool long before you hit the QPS ceiling — bumping `-s` is what unblocks throughput in that case. **Resolver count caps real-world QPS.** Each resolver in your list gets queries round-robin. If `--max-qps` is 4000 but you only have 20 healthy resolvers in `-r resolvers.txt`, every resolver eats 200 qps — most public resolvers will rate-limit you well below that. Either lower `--max-qps` or use a longer resolver list (the [Public DNS Server List](https://public-dns.info/) is a common starting point, though most entries are unstable). ## Sane starting values ```bash massdns \ -r resolvers.txt \ -t A \ -o S \ --max-qps 1000 \ -s 10000 \ -i 500 \ domains.txt > results.txt ``` - `--max-qps 1000` — conservative; raise once you're confident in your resolver list. - `-s 10000` (default) — fine for most workloads; raise to 50000+ for slow resolvers / WAN-heavy lookups. - `-i 500` — 500 ms retry interval; lower if you're using fast local resolvers, raise (1000–2000) if you're hammering public infrastructure. ## When to step beyond `--max-qps` `--max-qps` is a fixed ceiling. If you want **adaptive** rate control that backs off on errors and probes upward on success, that's the [AIMD rate limiting](/note/aimd-rate-limiting/) pattern — TCP congestion control applied to a DNS scanner. Useful when you don't know the ceiling in advance. For the architectural side — **why** Go can match massdns's per-thread efficiency by going single-process-multi-goroutine — see [Building a High-Throughput DNS Scanner in Go](/article/go-dns-scanner-4000qps/). ## Sources - [`man massdns`](https://github.com/blechschmidt/massdns#usage) — official flag reference (B. Blechschmidt) - [`zdns`](https://github.com/zmap/zdns) — Go-based alternative from ZMap; flags are different but solves the same problem - [DNS Resolution: The Full Picture](/guide/dns-resolution-full-picture/) — what's actually happening behind each query