Unbound DNS resolver involved in DNS Amplification attack
sir izake
sirizake at gmail.com
Mon Mar 24 10:18:38 UTC 2025
Hi
I run an Unbound DNS cache resolver (version 1.22.0) on a FreeBSD 14.2
server. It is configured to only respond to queries from the local host and
my network IP block.
Recently, I detected my server was involved in a DNS amplification attack.
By default Unbound doesn't respond to any query outside those allowed in
the access list in the config file. How do I uncover the source IPs
involved and potentially block them?
Are there other options I need to enable to prevent further amplification
attacks?
I have checked the server and don't see any suspicious process running.
Your support and advice are greatly appreciated.
Regards
izake