refuse ANY queries

Aleš Rygl ales at rygl.net
Fri Sep 1 10:24:49 UTC 2017


Hi,

it is rather off-topic but it could help you: we use dnsdist DNS balancer to 
fight with various types of attacks including excessive amount of ANY queries. 
You can set up a rule counting queries per IP within a certain amount of time 
and react then. We have Unbound backends. 50kqps is a piece of cake.

BR

Aleš


> BTW it is possible to play nasty tricks and reply with an 'actual' ANY:
> 
> local-zone: "example.com." typetransparent
> local-data: "example.com. TYPE255 \# 1 00"
> 
> I hope such answer will break the botnet we are fighting against!
> 





More information about the Unbound-users mailing list