Hi, it is rather off-topic but it could help you: we use the dnsdist DNS balancer to fight various types of attacks, including an excessive amount of ANY queries. You can set up a rule counting queries per IP within a certain amount of time and then react. We have Unbound backends. 50kqps is a piece of cake.
BR
Aleš

> BTW it is possible to play nasty tricks and reply with an 'actual' ANY:
>
> local-zone: "example.com." typetransparent
> local-data: "example.com. TYPE255 \# 1 00"
>
> I hope such an answer will break the botnet we are fighting against!
>
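
The per-IP counting rule described in the message above could look like the following dnsdist configuration. This is an added example, not part of the original message or the poster's actual setup; the backend addresses, thresholds, and block durations are assumptions to be tuned against real traffic.

```lua
-- dnsdist.conf (Lua), added example. All addresses and thresholds are
-- placeholders chosen for illustration, not values from the message.

-- Unbound backends behind dnsdist (documentation-range addresses).
newServer({address="192.0.2.10:53", name="unbound1"})
newServer({address="192.0.2.11:53", name="unbound2"})

-- Dynamic block group: dnsdist counts recent queries per client IP
-- and inserts a temporary block once a rate is exceeded.
local dbr = dynBlockRulesGroup()

-- More than 5 ANY queries per second, averaged over 10 seconds, from a
-- single source: block that source for 60 seconds.
dbr:setQTypeRate(DNSQType.ANY, 5, 10, "Exceeded ANY rate", 60)

-- General safety net for any query type: more than 100 qps, averaged
-- over 10 seconds, blocks the source for 60 seconds.
dbr:setQueryRate(100, 10, "Exceeded query rate", 60)

-- Never block our own monitoring or internal resolver range
-- (assumed range, adjust or remove).
dbr:excludeRange("198.51.100.0/24")

-- dnsdist calls maintenance() about once per second; applying the
-- group here evaluates the counters and refreshes the blocks.
function maintenance()
  dbr:apply()
end

-- Immediate per-packet limit, independent of the dynamic blocks:
-- ANY queries above 5 qps per /32 (IPv4) or /64 (IPv6) are dropped
-- before they reach a backend.
addAction(AndRule({QTypeRule(DNSQType.ANY), MaxQPSIPRule(5, 32, 64)}), DropAction())
```

Active blocks and their hit counters can be inspected from the dnsdist console with `showDynBlocks()`, which helps when choosing thresholds that do not catch legitimate resolvers.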
