Is there a way to avoid miscreants?
Mike
debian at good-with-numbers.com
Sat Apr 4 17:26:03 UTC 2026
Alessandro Vesely wrote:
> yesterday I got 124,646 queries in ten minutes, between 1:50 and 2:00 AM
> UTC, from 4,287 different IPs. The top IP was
> 2001:19f0:5401:2e01:5400:3ff:fed1:9863 with 47,304 queries for 5,261
> subdomains
> Are there any I should enable?
Probably. What's available depends on your firewall.
Nftables can do rate limiting to the port, regardless of source IP, though
that would affect legitimate traffic, too. Rate limiting by source IP
block looks like it would help a lot, too, in this case.
More information about the bind-users
mailing list