Hi,
yesterday I got 124,646 queries in ten minutes, between 1:50 and 2:00 AM UTC,
from 4,287 different IPs. The top IP was
2001:19f0:5401:2e01:5400:3ff:fed1:9863 with 47,304 queries for 5,261
subdomains, e.g. serverselect.tana.it, nu.tana.it, ll.tana.it,
ghsms.tana.it, dragoner.tana.it, cinemathe.tana.it, bluefire.tana.it,
umk.tana.it, tyche.tana.it, tsvb.tana.it.
When I designed the firewall, I didn't bother monitoring UDP connections to
port 53. It seemed to me like named could take care of itself. However, I
didn't configure any intrusion prevention features either. Are there any I
should enable?
Best
Ale
--
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list.
