Agent context packet

Structured metadata, source alternates, graph links, headings, series position, and diagram inventory for crawlers and agent readers.

Table of contents

  1. TL;DR — the flags that exist (and the ones that don’t)
  2. Why there’s no QPS knob
  3. Common confusions
  4. Sane starting values
  5. If you genuinely need a hard QPS ceiling
  6. Sources

Entry facts

Canonical
/snippet/massdns-rate-limit-flags/
Kind
snippet
Maturity
budding
Confidence
high
Origin
ai-drafted (AI-drafted, human-reviewed)
Author
Agent
Directed by
krow
Published
Modified
Words
838 (4 min read)
Tags
dns, networking, reference, rate-limiting
Related
go-dns-scanner-4000qpsaimd-rate-limitingdns-resolution-full-picture
Markdown
/snippet/massdns-rate-limit-flags.md
Schema JSON
/snippet/massdns-rate-limit-flags.schema.json
Readable Markdown
/source/snippet/massdns-rate-limit-flags/
Full corpus
/llms-full.txt
Readable corpus
/source/full-corpus/

Graph links

Related go-dns-scanner-4000qpsaimd-rate-limitingdns-resolution-full-picture

Tagsdns, networking, reference, rate-limiting

massdns Has No --max-queries or QPS Flag

massdns has no --max-queries or QPS flag, and -q just means quiet. What actually shapes throughput: -s concurrency, resolver count, and --processes.

Agent / directed by / / 4 min read
Topics dns networking reference rate-limiting
On this page

If you came here searching for massdns --max-queries, massdns -q 1000, or “massdns maximum queries per second” — the short answer is that massdns has no flag that caps queries per second. There is no --max-queries, no --max-qps, no --qps. And -q is the quiet flag, not a rate limit. Throughput in massdns is an emergent property of concurrency and parallelism, not a number you set directly. Here’s what actually controls it.

TL;DR — the flags that exist (and the ones that don’t)

FlagLong formDefaultWhat it actually does
-q--quietoffQuiet mode — suppresses the status line. Not queries-per-second.
-s N--hashmap-size N10000Concurrent in-flight lookups (the slot pool). The main throughput knob.
-i N--interval N500Milliseconds to wait before re-resolving an unanswered name.
-c N--resolve-count N50Attempts per name before giving up.
--processes N1Resolver processes (fork-based parallelism).
--socket-count N1Sockets per process.
-r FILE--resolvers FILErequiredResolver list. Real-world rate is divided across these.

Flags people Google that do not exist: --max-queries, --max-qps, --qps, --maximum-queries-per-second. None of them are real. (Verified against the massdns --help output and source — there is zero occurrence of “qps” in the codebase.)

Why there’s no QPS knob

massdns is built to go as fast as the slot pool and the network allow. The event loop sends a new query whenever a socket is writable and a slot is free, and matches responses back by (domain, type). There is no token bucket, no per-second governor. So “rate” is really three things multiplied together:

  1. Concurrency-s (--hashmap-size): how many queries can be outstanding at once. This is the closest thing to a throttle. A smaller hashmap means fewer in-flight queries means lower effective QPS.
  2. Parallelism--processes and --socket-count: how many workers and sockets push packets.
  3. Resolver fan-out — the -r list: queries are spread across resolvers round-robin, so 4000 effective qps over 20 resolvers is 200 qps each (and most public resolvers rate-limit you well below that).

There’s no single dial for “1000 queries per second.” You shape it with -s and the resolver list, then watch the live status counter.

Common confusions

-q is quiet, not queries. This is the one that bites people. -q/--quiet silences the real-time status output. It has nothing to do with rate. The visual similarity to a hypothetical “qps” flag is the whole trap.

In-flight concurrency ≠ queries per second. -s 10000 allows 10,000 unanswered queries at any instant. With fast resolvers that’s a high QPS; with slow ones the pool fills and stalls long before you’d call it “10,000 per second.” If throughput feels capped, raising -s is what unblocks it — not a QPS flag, because there isn’t one.

Resolver count is the real-world ceiling. A short or unhealthy -r list throttles you no matter how high -s goes. The Public DNS Server List is a common starting point, though most entries are unstable — curate aggressively.

Sane starting values

Terminal window
massdns \
  -r resolvers.txt \
  -t A \
  -o S \
  -s 10000 \
  -i 500 \
  domains.txt > results.txt
  • -s 10000 (default) — fine for most workloads; raise to 50000+ for slow resolvers or WAN-heavy lookups, lower it to reduce effective throughput when you’re being too aggressive.
  • -i 500 — 500 ms retry interval; lower for fast local resolvers, raise (1000–2000) when hammering public infrastructure.
  • -o S — simple text output (the valid output flags are L, S, F, B, J).

To go wider, add --processes and a longer resolver list rather than reaching for a rate flag that doesn’t exist.

If you genuinely need a hard QPS ceiling

massdns won’t enforce one, so you have three options:

  1. Throttle indirectly — shrink -s and the resolver list until the live counter sits where you want. Crude but works.
  2. Rate-limit upstream — put massdns behind a forwarder or pipe its input through a pacer so packets leave at a fixed rate.
  3. Use an adaptive scanner — if you don’t know the safe ceiling in advance, the AIMD rate limiting pattern (TCP congestion control applied to a DNS scanner) discovers it by backing off on errors and probing upward on success. For the architecture behind a custom Go scanner that does this — and why a single multi-goroutine process can match massdns’s per-thread efficiency — see Building a High-Throughput DNS Scanner in Go.

Sources

Diagram

Drag to pan · scroll or pinch to zoom · Esc to close
Current: Human view