Hi I run an unbound dns cache resolver (version 1.22.0) on a freebsd 14.2 server. It is configured to only respond to queries from the local host and my network IP block.
Recently, I detected my server was involved in a DNS amplification attack. By default unbound doesn't respond to any query outside those allowed in the access list in the config file. How do I uncover the source IPs involved and potentially block them. Are there other options I need to enable to prevent further amplification attacks? I have checked the server and don't see any suspicious process running. Your support and advice is greatly appreciated. Regards izake
