allow-query does not seem to be working

Ray Bellis ray at isc.org
Mon Aug 8 20:09:24 UTC 2016


On 08/08/2016 20:59, Frank Even wrote:
> Thanks for the info.  Also I'll have to note that I completely missed
> that the "offending IP" is one of the .uk root servers so the next
> logical conclusion is I've probably got a box in one of my environments
> driving an amplification attack of some sort or something at those IPs
> that I need to figure out.  Sorry for the bother and thanks for the
> feedback.  Much appreciated.

The host in question (156.154.100.3) is nsa.nic.uk, but is actually
operated by UltraDNS / Neustar.

However to me it looks like _you're_ the one sending the queries, as
evidenced by the 'A?' in your tcpdump log (where the ? indicates query,
and 'A' on its own would be the response) and also the destination port
of 53.

Ray
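
The reading of tcpdump output described in the message above, as an added example that is not part of the original post: it classifies each DNS line as a query (type followed by `?`, destination port 53) or a response (answer/authority/additional counts, source port 53), and goes one step further by pairing responses with earlier queries by ID. The sample lines are constructed, 192.0.2.10 is a placeholder for the local host, and `tcpdump -n` output (numeric ports) is assumed.

```python
import re
from collections import Counter

# Constructed sample lines in tcpdump's default DNS output format (-n assumed).
# 192.0.2.10 is a placeholder local host; 156.154.100.3 is the address from the thread.
SAMPLE = """\
20:01:02.100000 IP 192.0.2.10.41234 > 156.154.100.3.53: 4521 [1au] A? example.co.uk. (42)
20:01:02.120000 IP 156.154.100.3.53 > 192.0.2.10.41234: 4521- 0/8/1 (300)
20:01:03.100000 IP 192.0.2.10.50101 > 156.154.100.3.53: 9934 [1au] AAAA? example.co.uk. (42)
20:01:04.100000 IP 156.154.100.3.53 > 192.0.2.10.33333: 7777- 0/8/1 (300)
"""

LINE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<id>\d+)(?P<rest>.*)$"
)
QUERY = re.compile(r"\b[A-Z0-9]+\? ")     # "A? ", "AAAA? ": a question section
COUNTS = re.compile(r"\b\d+/\d+/\d+\b")   # "0/8/1": answer/authority/additional counts

def classify(line):
    """Return (kind, client, server, query_id) for one tcpdump DNS line, or None."""
    m = LINE.search(line)
    if not m:
        return None
    if m["dport"] == "53" and QUERY.search(m["rest"]):
        return ("query", m["src"], m["dst"], m["id"])
    if m["sport"] == "53" and COUNTS.search(m["rest"]):
        return ("response", m["dst"], m["src"], m["id"])
    return None

def summarize(text):
    """Tally, per client, queries sent, responses answering one, and unmatched responses."""
    pending, tally = set(), Counter()
    for line in text.splitlines():
        rec = classify(line)
        if rec is None:
            continue
        kind, key = rec[0], rec[1:]      # key = (client, server, query_id); ports ignored
        if kind == "query":
            pending.add(key)
            tally["query", key[0]] += 1
        elif key in pending:
            pending.discard(key)
            tally["answered", key[0]] += 1
        else:
            tally["unsolicited", key[0]] += 1
    return tally

if __name__ == "__main__":
    for (kind, client), n in sorted(summarize(SAMPLE).items()):
        print(f"{client:15} {kind:12} {n}")
```

A host whose tally is dominated by `query` is originating the traffic itself; a tally dominated by `unsolicited` means responses are arriving that it never asked for.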


