Is there a way to avoid miscreants?
Nick Tait
nick at tait.net.nz
Sat Apr 4 21:03:36 UTC 2026
Hi Alessandro.
Not sure if this helps, but these are the options that I’ve added to my external authoritative view to harden it:
recursion no;
allow-recursion { none; };
max-cache-size 2m;
empty-zones-enable no;
rate-limit {
    responses-per-second 5;
    window 5;
};
Nick.
> On 5 Apr 2026, at 5:34 AM, Mike <debian at good-with-numbers.com> wrote:
>
> Alessandro Vesely wrote:
>> yesterday I got 124,646 queries in ten minutes, between 1:50 and 2:00 AM
>> UTC, from 4,287 different IPs. The top IP was
>> 2001:19f0:5401:2e01:5400:3ff:fed1:9863 with 47,304 queries for 5,261
>> subdomains
>
>> Are there any I should enable?
>
> Probably. What's available depends on your firewall.
>
> Nftables can do rate limiting to the port, regardless of source IP, though
> that would affect legitimate traffic, too. Rate limiting by source IP
> block looks like it would help a lot, too, in this case.
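Before throttling by source block as Mike suggests, it helps to see which blocks actually carry the burst. The script below is an added example, not code from the thread or from ISC: it parses BIND "queries"-category log lines (the `client @0x... addr#port (qname): query:` format), counts queries per client address and per /24 or /64 block inside a ten-minute window, and counts distinct names per client, which is what separates a random-subdomain flood from a busy but legitimate resolver. The block sizes, thresholds and sample log lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# BIND "queries" category log line; the client address is written as "addr#port".
LOG_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ client (?:@0x[0-9a-f]+ )?"
    r"(?P<src>[0-9a-fA-F:.]+)#\d+ \((?P<qname>[^)]+)\): query: "
)

def source_block(addr):
    """Collapse a client address to the block a firewall rule would key on:
    /24 for IPv4, /64 for IPv6 (an assumed choice, not from the thread)."""
    ip = ipaddress.ip_address(addr)
    return str(ipaddress.ip_network(f"{ip}/{24 if ip.version == 4 else 64}", strict=False))

def summarize(lines, window=timedelta(minutes=10)):
    """Queries per source address and per block within `window` of the first
    parsed timestamp, plus the number of distinct qnames each source asked for
    (many distinct names from one source is the random-subdomain pattern)."""
    start, per_ip, per_block, names = None, Counter(), Counter(), defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # not a query line, or a format we do not parse
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        start = start or ts
        if not (timedelta(0) <= ts - start <= window):
            continue                      # outside the window we are looking at
        per_ip[m["src"]] += 1
        per_block[source_block(m["src"])] += 1
        names[m["src"]].add(m["qname"].lower())
    return per_ip, per_block, {s: len(n) for s, n in names.items()}

def offenders(counts, limit):
    """Sources (addresses or blocks) whose count over the window exceeds `limit`."""
    return {s: n for s, n in counts.items() if n > limit}

def _line(sec, src, qname):
    """Build one constructed log line at 01:50:00 + sec UTC (sample data, not real traffic)."""
    return (f"04-Apr-2026 01:5{sec // 60}:{sec % 60:02d}.000 client @0x7f1 {src}#4242 "
            f"({qname}): query: {qname} IN A -E(0)K (192.0.2.53)")

# Constructed sample: one IPv6 host hammering random subdomains, a neighbour in the
# same /64 doing a little, and an IPv4 host asking for the same name a few times.
SAMPLE = ([_line(i, "2001:db8:5401:2e01:5400:3ff:fed1:9863", f"x{i:04x}.example.org") for i in range(40)]
          + [_line(i, "2001:db8:5401:2e01::beef", f"y{i}.example.org") for i in range(5)]
          + [_line(i * 100, "198.51.100.7", "www.example.org") for i in range(3)])

if __name__ == "__main__":
    per_ip, per_block, distinct = summarize(SAMPLE)
    for src, n in per_ip.most_common():
        print(f"{src:40} {n:6} queries  {distinct[src]:5} distinct names")
    print("blocks over 20 queries/10min:", offenders(per_block, 20))
```

Run it against a real query log with `summarize(open("query.log"))`; the per-block counts tell you whether a single /64 or /24 is worth a firewall rate limit before you reach for the port-wide one that would also hit legitimate resolvers.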