refuse ANY queries

Aleš Rygl ales at
Fri Sep 1 10:24:49 UTC 2017


it is rather off-topic but it could help you: we use dnsdist DNS balancer to 
fight with various types of attacks including excessive amount of ANY queries. 
You can set up a rule counting queries per IP within a certain amount of time 
and react then. We have Unbound backends. 50kqps is a piece of cake.



> BTW it is possible to play nasty tricks and reply with an 'actual' ANY:
> local-zone: "" typetransparent
> local-data: " TYPE255 \# 1 00"
> I hope such answer will break the botnet we are fighting against!

More information about the Unbound-users mailing list