Is there a way to avoid miscreants?
Alessandro Vesely
vesely at tana.it
Sat Apr 4 11:50:24 UTC 2026
Hi,
yesterday I got 124,646 queries in ten minutes, between 1:50 and 2:00 AM UTC,
from 4,287 different IPs. The top IP was
2001:19f0:5401:2e01:5400:3ff:fed1:9863 with 47,304 queries for 5,261
subdomains, e.g. serverselect.tana.it, nu.tana.it, ll.tana.it,
ghsms.tana.it, dragoner.tana.it, cinemathe.tana.it, bluefire.tana.it,
umk.tana.it, tyche.tana.it, tsvb.tana.it.
When I designed the firewall, I didn't bother monitoring UDP connections to
port 53. It seemed to me like named could take care of itself. However, I
didn't configure any intrusion prevention features either. Are there any I
should enable?
Best
Ale
--
More information about the bind-users
mailing list