refuse ANY queries
Aleš Rygl
ales at rygl.net
Fri Sep 1 10:24:49 UTC 2017
Hi,
it is rather off-topic but it could help you: we use the dnsdist DNS balancer to
fight various types of attacks, including excessive amounts of ANY queries.
You can set up a rule counting queries per IP within a certain amount of time
and then react. We have Unbound backends. 50kqps is a piece of cake.
BR
Aleš
> BTW it is possible to play nasty tricks and reply with an 'actual' ANY:
>
> local-zone: "example.com." typetransparent
> local-data: "example.com. TYPE255 \# 1 00"
>
> I hope such an answer will break the botnet we are fighting against!
>
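
The per-source counting rule mentioned in the message above could look like the following dnsdist configuration. This is an added example, not the poster's actual setup; the listen address, backend address, thresholds and block duration are assumptions chosen for illustration.

```lua
-- dnsdist.conf sketch (added example; all addresses and numbers are assumptions)

-- Constructed listen address (TEST-NET-1) and an assumed local Unbound backend.
setLocal("192.0.2.53:53")
newServer({address="127.0.0.1:5353", name="unbound1"})

-- Note: DNSQType.ANY is the name used by dnsdist 1.3 and later;
-- older releases spell the same constant dnsdist.ANY.

-- Static rule: when a single source address sends ANY queries over UDP
-- faster than 5 per second, answer with TC=1 instead of forwarding.
-- A real resolver retries over TCP; a spoofed source cannot complete
-- the handshake, so the amplification path is cut without dropping
-- legitimate clients outright.
addAction(
  AndRule({
    QTypeRule(DNSQType.ANY),
    TCPRule(false),            -- UDP only, TCP queries pass through
    MaxQPSIPRule(5, 32, 64)    -- 5 qps per IPv4 /32 or IPv6 /64
  }),
  TCAction()
)

-- Dynamic rule: maintenance() is called by dnsdist about once per second.
-- Any source that averaged more than 20 ANY queries per second over the
-- last 10 seconds is blocked for 60 seconds.
function maintenance()
  addDynBlocks(
    exceedQTypeRate(DNSQType.ANY, 20, 10),
    "Exceeded ANY query rate",
    60
  )
end
```

Currently blocked sources can be listed with `showDynBlocks()` on the dnsdist console, which helps when tuning the thresholds against real traffic.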