Hi Alessandro.
Not sure if this helps, but these are the options that I’ve added to my
external authoritative view to harden it:
recursion no;
allow-recursion { none; };
max-cache-size 2m;
empty-zones-enable no;
rate-limit {
    responses-per-second 5;
    window 5;
};
Nick.
> On 5 Apr 2026, at 5:34 AM, Mike <[email protected]> wrote:
>
> Alessandro Vesely wrote:
>> yesterday I got 124,646 queries in ten minutes, between 1:50 and 2:00 AM
>> UTC, from 4,287 different IPs. The top IP was
>> 2001:19f0:5401:2e01:5400:3ff:fed1:9863 with 47,304 queries for 5,261
>> subdomains
>
>> Are there any I should enable?
>
> Probably. What's available depends on your firewall.
>
> Nftables can do rate limiting to the port, regardless of source IP, though
> that would affect legitimate traffic, too. Rate limiting by source IP
> block looks like it would help a lot, too, in this case.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list.
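Putting the two suggestions above together, here is an added example of an authoritative-only BIND 9 view with response rate limiting keyed on the source address block rather than the single address. This is example configuration written for this thread, not Nick's or Mike's own files; the zone name, file path, exempt range, prefix lengths and per-second thresholds are assumed values to tune against your own traffic, and the rate-limit block is BIND's built-in RRL (available in BIND 9.9.4 and later), not a firewall rule.

```conf
// Added example: hardened external authoritative view for BIND 9.
// Assumed values: the zone, file path, exempt range and thresholds.
options {
    // Authoritative only: never recurse or serve cached data to anyone.
    recursion no;
    allow-recursion { none; };
    allow-query-cache { none; };
    // The cache is unused on an authoritative server; keep it tiny and
    // skip the built-in empty zones.
    max-cache-size 2m;
    empty-zones-enable no;
    // Omit optional authority/additional data to keep UDP answers small.
    minimal-responses yes;
    // Do not answer version.bind / hostname.bind fingerprinting queries.
    version none;
    hostname none;
};

view "external" {
    match-clients { any; };
    recursion no;

    rate-limit {
        // Group clients by prefix, so a flood spread across many
        // addresses in one /64 (as in the IPv6 source quoted above)
        // is throttled as a single client. Assumed prefix lengths.
        ipv4-prefix-length 24;
        ipv6-prefix-length 64;

        // Identical responses per client block per second; random
        // subdomain floods mostly produce NXDOMAIN/error answers,
        // so cap those separately as well.
        responses-per-second 5;
        nxdomains-per-second 5;
        errors-per-second 5;
        window 5;

        // slip 2: drop half of the excess responses and answer the
        // other half with a truncated (TC) reply, so genuine resolvers
        // retry over TCP while spoofed sources get no amplification.
        slip 2;

        // Monitoring or secondary hosts that must never be limited
        // (assumed documentation range, replace with your own).
        exempt-clients { 192.0.2.0/24; };

        // Set to yes first to log what would be dropped without
        // enforcing, then flip to no once the thresholds look right.
        log-only no;
    };

    zone "example.com" {
        type primary;
        file "/var/named/example.com.zone";   // assumed path
    };
};
```

After loading this, watch the `rate-limit` category in the BIND log: entries marked "limit" or "slip" per prefix show which blocks are being throttled, and a burst of legitimate resolvers hitting the limit is the signal to raise `responses-per-second` or widen `exempt-clients`.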