Skip to content

Licensing

Pleiades enforces a requests-per-second (RPS) limit based on a license. The DNS server consults the licensing manager before answering queries.

Concepts - License payload: tier, maxRps, issued-at (iat), expiry (exp), id. - Format: base64url(JSON).base64url(HMAC-SHA256 signature) using a shared secret. - Effective RPS: defaults are applied when the license is missing/invalid/expired.

Defaults (see internal/config/config.go) - Unlicensed: 10 RPS - Free tier default: 50 RPS (unless license specifies maxRps)

Configuration 

license:
  secret: "dev-secret-change-me"
  licenseKey: "<base64url payload>.<base64url signature>"
- Environment overrides take precedence: - GSLB_LICENSE_SECRET - GSLB_LICENSE_KEY

Generator - Build: go build ./cmd/licensegen - Example: 30 days, paid tier, 1000 RPS 

./licensegen -tier paid -rps 1000 -expire-in 720h

Behavior - On startup, the manager validates the license and logs the effective tier/RPS. - At runtime, the DNS handler calls CheckRPSLimit() to enforce rate limits.

Notes - Keep the secret secure; rotate regularly. - Consider storing secrets in environment variables or a secret manager.