No, the server under attack is not authoritative for any domain. It's mostly just used to resolve for our mail servers. I also use it from my notebook, but I guess I could find a different server to use.
Then just firewall block from Internet to that IP:53, allow queries only from the inside.
Or run BIND9 , which has the black-hole function which will return nothing to those queries, causing them all to timeout, sort of a tarpitting action.
If you need help setting it up and hardening, let me know. Len To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
