On 02/04/2020 10:12, Tessa Plum wrote:

> All the packages were DNS requests, some queries like 'dig domain.com any'.
> but their IP address seems spoofed.
> A request from the fake address to our nameserver, but nameserver try
> its best to reply to this unreal address.

If it's a recursive server, apply an ACL so that only expected clients
can query.

If it's an authoritative server, turn on Response Rate Limiting (RRL) if
it's BIND, or the equivalent feature if is isn't.

Ray

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Reply via email to