DGA Attack mitigation

Paul Vixie paul at redbarn.org
Mon Apr 9 19:15:48 UTC 2018

Rainer Duffner via Unbound-users wrote:
>> Am 09.04.2018 um 20:04 schrieb Mahdi Adnan via Unbound-users
>> <unbound-users at unbound.net <mailto:unbound-users at unbound.net>>:
>> Im running 20 Unbound servers and around 20% of response are NXDOMAIN,
>> for queries coming from my clients.
> Block those IPs that are obviously p4wned until they clean up their PCs?

the source addresses are forged. the victims are not unclean in any way. 
this is why rrl exists.

P Vixie

More information about the Unbound-users mailing list