On 24/03/2025 11:18, sir izake via Unbound-users wrote:
> Hi,
> I run an unbound DNS cache resolver (version 1.22.0) on a FreeBSD 14.2
> server. It is configured to only respond to queries from the local host
> and my network IP block.

What do you get with `unbound-control get_option access-control'?

> Recently, I detected my server was involved in a DNS amplification
> attack. By default unbound doesn't respond to any query outside those
> allowed in the access list in the config file. How do I uncover the
> source IPs involved and potentially block them?
> Are there other options I need to enable to prevent further
> amplification attacks?
> I have checked the server and don't see any suspicious process running.
> Your support and advice is greatly appreciated.
> Regards
> izake

--
###############################
# Cristiano Deana #
# #
# Senior Network Engineer #
# Digital Response Team #
# CittaStudi S.p.a. #
# off. +39 015 855 1172 #
# cell +39 328 310 6392 #
###############################