[GLLUG] Failing DNS queries
Andy Smith
andy at bitfolk.com
Sat Jan 9 01:42:54 UTC 2021
Hello,
On Sat, Jan 09, 2021 at 12:59:17AM +0000, Tim Woodall via GLLUG wrote:
> 359 173.231.186.139 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
> is this some sort of DNS amplification that I've not heard of
Probably not. They are probably looking for open resolvers to use in
DNS amplification DDoS attacks.
> and do I need to do something different?
I'd firewall it off (with a DROP) except for networks that are
supposed to be using it, and not bother looking at the logs unless
it became problematic levels of traffic.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
More information about the GLLUG
mailing list