That is not off topic at all. You could use Python plugins to facilitate this. The Unbound Python plugin documentation/examples page has a blacklist DNS example. It could be modified to trigger blacklist entries on query metrics. You can blacklist requesters through Unbound access control settings. You can blacklist domain responses by creating empty static domains. It seems you can mix the two with the new "views" feature.
- Eric

-------- Original message --------
From: Aleš Rygl via Unbound-users <[email protected]>
Date: 9/1/17 06:51 (GMT-05:00)
To: [email protected]
Subject: Re: refuse ANY queries

Hi,

it is rather off-topic but it could help you: we use dnsdist DNS balancer to fight with various types of attacks including excessive amount of ANY queries. You can set up a rule counting queries per IP within a certain amount of time and react then. We have Unbound backends. 50kqps is a piece of cake.

BR
Aleš

> BTW it is possible to play nasty tricks and reply with an 'actual' ANY:
>
> local-zone: "example.com." typetransparent
> local-data: "example.com. TYPE255 \# 1 00"
>
> I hope such answer will break the botnet we are fighting against!
>
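
The per-IP counting of ANY queries that both messages describe (a rule that counts queries per IP over a time window, and blacklist entries triggered on query metrics), sketched as an added stand-alone example that is not part of the original thread and is not Unbound's or dnsdist's own code. The class name, thresholds and sample queries are assumptions; it does not call the Unbound Python module API, and only renders the resulting blocks as `access-control` lines.

```python
import ipaddress
from collections import defaultdict, deque

QTYPE_ANY = 255  # same type code as TYPE255 in the quoted local-data line


class AnyQueryLimiter:
    """Sliding-window count of ANY queries per client address (hypothetical helper)."""

    def __init__(self, max_any=5, window=10.0):
        self.max_any = max_any  # ANY queries tolerated per window (assumed threshold)
        self.window = window    # window length in seconds (assumed)
        self.seen = defaultdict(deque)
        self.blocked = set()

    def observe(self, ts, client_ip, qtype):
        """Return 'refuse' or 'allow' for one query seen at time ts."""
        if client_ip in self.blocked:
            return "refuse"
        if qtype != QTYPE_ANY:
            return "allow"
        stamps = self.seen[client_ip]
        stamps.append(ts)
        while stamps and stamps[0] <= ts - self.window:  # expire old timestamps
            stamps.popleft()
        if len(stamps) > self.max_any:
            self.blocked.add(client_ip)
            return "refuse"
        return "allow"

    def access_control_lines(self):
        """Render blocked clients as unbound.conf access-control entries."""
        return [f"access-control: {ipaddress.ip_network(ip)} refuse"
                for ip in sorted(self.blocked)]


# Constructed sample: (timestamp, client, qtype); addresses are documentation ranges.
SAMPLE = sorted(
    [(i * 0.5, "192.0.2.10", QTYPE_ANY) for i in range(8)]
    + [(1.0, "198.51.100.7", 1), (2.0, "198.51.100.7", QTYPE_ANY)]
)


def run(sample, **limits):
    limiter = AnyQueryLimiter(**limits)
    return limiter, [limiter.observe(*q) for q in sample]


if __name__ == "__main__":
    limiter, decisions = run(SAMPLE)
    print(decisions.count("refuse"), limiter.access_control_lines())
```

A client that sends a single ANY query, or spreads them out past the window, is never blocked; only the address that exceeds the threshold inside one window is.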
