Getting "query failed (REFUSED) for ./IN/ANY"

Richard T.A. Neal richard at richardneal.com
Wed Jan 13 18:27:01 UTC 2021


Matus UHLAR - fantomas wrote:

> fail2ban should help not to see those messages

I expect there are probably only two people on the planet running BIND on Windows: me, and the ISC Developer responsible for building the Windows binaries 😊

As part of a larger project I've been developing a series of tools for BIND log file analysis on Windows. One of these tools includes dynamically updating the Windows firewall to block requests from IP addresses that are issuing these sorts of queries. The source IP is of course being spoofed when the request is sent over UDP, but I block it anyway because that means I'm *preventing* my BIND servers from participating in the DDoS attack by sending *any* traffic to the intended victim (the spoofed IP).

If anyone is interested in this then please get in touch - I'd be very happy to share my work if it will help others in the community. And who knows, perhaps that means there'll eventually be up to THREE of us running BIND on Windows!

Best,

Richard
richard at richardneal.com
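
The blocking approach described in the message above, as an added example (not Richard's tools and not code from the original post): it counts refused `./IN/ANY` queries per source address in BIND log lines and builds a Windows firewall rule that blocks inbound UDP/53 from those addresses. The log lines are constructed, and the threshold, the allowlist, the rule name and all function names are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# BIND's refusal log line; the "@0x..." token is optional here because
# not every BIND version logs it.
REFUSED = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*"
    r"query failed \(REFUSED\) for (?P<name>\S+)/IN/(?P<qtype>\w+)")

def refused_sources(lines, qname=".", qtype="ANY"):
    """Count REFUSED queries for qname/qtype per (possibly spoofed) source."""
    counts = Counter()
    for line in lines:
        m = REFUSED.search(line)
        if not m or m["name"] != qname or m["qtype"] != qtype:
            continue
        try:
            counts[str(ipaddress.ip_address(m["ip"]))] += 1
        except ValueError:
            continue  # damaged line: captured text is not an address
    return counts

def block_list(counts, threshold=3, allow=()):
    """Sources seen at least `threshold` times, minus allowlisted networks."""
    nets = [ipaddress.ip_network(n) for n in allow]
    return sorted(ip for ip, n in counts.items() if n >= threshold
                  and not any(ipaddress.ip_address(ip) in net for net in nets))

def netsh_command(addresses, rule="BIND-refused-ANY"):
    """Build (do not run) a Windows firewall rule blocking inbound UDP/53."""
    return ["netsh", "advfirewall", "firewall", "add", "rule", f"name={rule}",
            "dir=in", "action=block", "protocol=UDP", "localport=53",
            "remoteip=" + ",".join(addresses)]

def sample_line(ip, name=".", qtype="ANY", token="@0x1f2e3d4c "):
    """Constructed log line in BIND's format (documentation addresses only)."""
    return (f"13-Jan-2021 18:20:01.101 security: info: client {token}{ip}#3074 "
            f"({name}): query failed (REFUSED) for {name}/IN/{qtype}")

SAMPLE = ([sample_line("203.0.113.7")] * 3 + [sample_line("198.51.100.9")] * 3
          + [sample_line("192.0.2.44", "example.com", "A"),
             sample_line("2001:db8::53", token="")])

if __name__ == "__main__":
    hits = block_list(refused_sources(SAMPLE), allow=["198.51.100.0/24"])
    print(" ".join(netsh_command(hits)))
```

The allowlist holds networks that must keep getting answers even if their addresses show up as spoofed sources; the command is only built here, so it can be reviewed before anything changes the firewall.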



More information about the bind-users mailing list