A large number of "ANY" query type queries
anandb at ripe.net
Wed Mar 28 08:39:11 UTC 2012
On 28/03/2012 10:21, Stephane Bortzmeyer wrote:
>> The same IP address, produced a large number of requests within a
>> very short period of time. Can I block these IPs?
> You probaably should not. The source IP address is forged, it is the
> address of the victim. If you block it, the victim will not be able to
> talk to your name servers.
As Stéphane says, do not block the address. It's probably better to
rate-limit the address. You can do that on your server with iptables
(Linux) or ipfw (*BSD) or on your router.
More information about the bind-users