allow-query does not seem to be working

Ray Bellis ray at
Mon Aug 8 20:09:24 UTC 2016

On 08/08/2016 20:59, Frank Even wrote:
> Thanks for the info.  Also I'll have to note that I completely missed
> that the "offending IP" is one of the .uk root servers so the next
> logical conclusion is I've probably got a box in one of my environments
> driving an amplification attack of some sort or something at those IPs
> that I need to figure out.  Sorry for the bother and thanks for the
> feedback.  Much appreciated.

The host in question ( is, but is actually
operated by UltraDNS / Neustar.

However to me it looks like _you're_ the one sending the queries, as
evidenced by the 'A?' in your tcpdump log (where the ? indicates query,
and 'A' on its own would be the response) and also the destination port
of 53.


More information about the bind-users mailing list