Getting "query failed (REFUSED) for ./IN/ANY"

Alessandro Vesely vesely at
Wed Jan 13 15:21:28 UTC 2021

On Wed 13/Jan/2021 14:31:58 +0100 John Kristoff wrote:
> Some may be sourced from a security/research survey project, but some
> sources performing this may be for more nefarious purposes - building a
> list of open resolvers that will answer for the purposes of maintaining
> an amplication/reflection hit list.

I see some IPs are the same.  However, my attacker seems rather to be (blindly) 
attempting an amplification attack than building a list of open resolvers, 
because the same IP is usually retried 4~6 times.


More information about the bind-users mailing list