I saw in the release notes about the new default rate limiting of 1000 queries per 60 seconds. Furthermore, the documentation mentioned that this is applied per-client, but it seems that the configuration for it is global (across all clients).
Can I configure this policy per client? I have 1 client on my network (Synology NAS which does cloud-backups twice a week) and this client is now getting blocked. I've had to turn off rate limiting so that it can run, but that also removes a nice feature that I'd like to be applied to the rest of my clients on the network.
This is correct. The setting of A/B is applicable to all clients.
Rate limiting is done individually for each client using the global A/B setting.
If client X exceeds the limit, only client X is rate limited. Client Y which does not exceed the limit is not rate limited.
No.
I would take a look at this peak activity rate and set the A/B limits to just above it. This will allow your network to work properly while still providing a rate limit to thwart any deliberate DDoS attacks.
As an example, my Synology does scheduled database update activity early Sunday morning, and the Pi-hole dashboard shows the max DNS activity at 442 queries in a 10-minute window.
If this were the max rate from any client over any 10-minute window, I would set the rate limit to 500/600 (to give a bit of headroom).
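The sizing approach from the reply above, as an added example that is not part of the original thread: it computes each client's peak query count per window and rounds the busiest one up to get an A/B value. It assumes dnsmasq-style query log lines as input; the function names, the rounding step of 100 and the sample data are constructed for illustration. A sliding window is used, which is never lower than a count over fixed intervals of the same length.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed input: dnsmasq-style query lines, e.g.
# "Jan  7 03:00:00 dnsmasq[711]: query[A] name from 192.168.1.20"
QUERY_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: query\[[^\]]+\] \S+ from (\S+)$")

def peak_per_client(lines, window_s, year=2024):
    """Max queries each client sent within any sliding window of window_s seconds."""
    recent = defaultdict(deque)  # client -> timestamps still inside the window
    peak = defaultdict(int)
    span = timedelta(seconds=window_s)
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # not a client query (forwarded, reply, cached, ...)
        stamp, client = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[client]
        q.append(ts)
        while q[0] <= ts - span:  # drop queries older than the window
            q.popleft()
        peak[client] = max(peak[client], len(q))
    return dict(peak)

def suggest_limit(lines, window_s, step=100):
    """Round the busiest client's peak up to the next multiple of step: 'count/seconds'."""
    busiest = max(peak_per_client(lines, window_s).values(), default=0)
    return f"{(busiest // step + 1) * step}/{window_s}"

def constructed_sample():
    """Constructed data: a NAS sending 442 queries in under 10 minutes, plus a quiet client."""
    lines = ["Jan  7 03:00:00 dnsmasq[711]: forwarded backup.example to 192.0.2.53"]
    for s in range(442):  # one query per second from 03:00:00
        lines.append(f"Jan  7 03:{s // 60:02d}:{s % 60:02d} dnsmasq[711]: "
                     "query[A] backup.example from 192.168.1.20")
    for m in range(30):   # one query per minute
        lines.append(f"Jan  7 03:{m:02d}:30 dnsmasq[711]: "
                     "query[AAAA] time.example from 192.168.1.31")
    return lines

if __name__ == "__main__":
    sample = constructed_sample()
    print(peak_per_client(sample, 600))
    print(suggest_limit(sample, 600))
```

Because the limit is global, size it from the busiest legitimate client; every other client then gets the same ceiling.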