Hello,
I'm noticing some unusual activity where 48 external IPs generated over 2M queries that have all been denied (just today): 15-Dec-2021 00:01:42.023 security: info: client @0x7f96180b3fe0 194.48.217.14#59698 (.): view outside: query (cache) './ANY/IN' denied 15-Dec-2021 00:01:42.023 security: info: client @0x7f9618019e20 194.48.217.14#59698 (.): view outside: query (cache) './ANY/IN' denied 15-Dec-2021 00:01:42.023 security: info: client @0x7f9618019e20 194.48.217.14#59698 (.): view outside: query (cache) './ANY/IN' denied 15-Dec-2021 00:01:42.023 security: info: client @0x7f9618019e20 194.48.217.14#59698 (.): view outside: query (cache) './ANY/IN' denied 15-Dec-2021 00:01:42.123 security: info: client @0x7f9618019e20 45.145.227.33#11092 (.): view outside: query (cache) './ANY/IN' denied 15-Dec-2021 00:01:42.127 security: info: client @0x7f96180b3fe0 45.145.227.33#11092 (.): view outside: query (cache) './ANY/IN' denied I'm guessing this is some sort of an reflection attack attempt, but I don't quite understand if these are the perpetrators or victims? Would I be doing a bad thing by using fail2ban to block these IPs? Regards, Danilo _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users