refuse ANY queries
ales at rygl.net
Fri Sep 1 10:24:49 UTC 2017
It is rather off-topic, but it could help you: we use the dnsdist DNS balancer to
fight various types of attacks, including an excessive amount of ANY queries.
You can set up a rule counting queries per IP within a certain amount of time
and then react. We have Unbound backends. 50kqps is a piece of cake.
> BTW it is possible to play nasty tricks and reply with an 'actual' ANY:
> local-zone: "example.com." typetransparent
> local-data: "example.com. TYPE255 \# 1 00"
> I hope such answer will break the botnet we are fighting against!
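As an added illustration of the per-IP counting rule described above (this is not configuration from the list post or from the dnsdist/Unbound projects), the following dnsdist configuration puts a rate limit on ANY queries in front of an Unbound backend. The listen address, the backend address and port, and the thresholds are assumptions chosen for the example; the rule and action names are dnsdist's own.

```lua
-- Added example (not from the list post): rate-limit ANY queries per client IP
-- with dnsdist in front of Unbound. Addresses and thresholds below are assumptions.

-- Public listener and the Unbound backend (assumed addresses).
setLocal("192.0.2.1:53")
newServer({address = "127.0.0.1:5335", name = "unbound1"})

-- Rule 1: ANY queries over UDP from a single source exceeding 20 qps get a
-- truncated (TC=1) answer instead of the full response. A real resolver retries
-- over TCP; a spoofed reflection source never completes the TCP handshake, so
-- the amplification value of the query disappears. MaxQPSIPRule counts per
-- /32 (IPv4) and per /64 (IPv6) by default.
addAction(
  AndRule({ QTypeRule(DNSQType.ANY), NotRule(TCPRule()), MaxQPSIPRule(20) }),
  TCAction()
)

-- Rule 2: dynamic blocks. dnsdist calls maintenance() once per second; any
-- source that averaged more than 50 ANY queries/second over the last 10 seconds
-- is blocked for 60 seconds. The message is what showDynBlocks() displays.
function maintenance()
  addDynBlocks(exceedQTypeRate(DNSQType.ANY, 50, 10), "Exceeded ANY rate", 60)
end
```

Rule 1 keeps legitimate clients working (they fall back to TCP) while Rule 2 removes persistent offenders outright; `showDynBlocks()` on the dnsdist console lists the addresses currently blocked, which is the first thing to check when tuning the thresholds. On dnsdist releases older than 1.4 the query-type constant is written `dnsdist.ANY` rather than `DNSQType.ANY`.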
More information about the Unbound-users