>> Any best practices on this? >> >> I am running bind 9.11.4 >> >> thanks
> You could think about adding fail2ban to your server with some custom rules. > Helped us in a similar situation. You could also take advantage of BIND's built-in Response Rate Limiting which is explained here: https://downloads.isc.org/isc/bind9/9.16.31/doc/arm/html/reference.html#response-rate-limiting I don't recall if BIND 9.11 supports that feature, but even if it does you should really be upgrading to 9.16.31 anyway (the latest Current-Stable, ESV). Best, Richard. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users