Millions of './ANY/IN' queries denied

Danilo Godec danilo.godec at agenda.si
Wed Dec 15 11:51:19 UTC 2021


Hello,


I'm noticing some unusual activity where 48 external IPs generated over
2M queries that have all been denied (just today):

15-Dec-2021 00:01:42.023 security: info: client @0x7f96180b3fe0
194.48.217.14#59698 (.): view outside: query (cache) './ANY/IN' denied
15-Dec-2021 00:01:42.023 security: info: client @0x7f9618019e20
194.48.217.14#59698 (.): view outside: query (cache) './ANY/IN' denied
15-Dec-2021 00:01:42.023 security: info: client @0x7f9618019e20
194.48.217.14#59698 (.): view outside: query (cache) './ANY/IN' denied
15-Dec-2021 00:01:42.023 security: info: client @0x7f9618019e20
194.48.217.14#59698 (.): view outside: query (cache) './ANY/IN' denied
15-Dec-2021 00:01:42.123 security: info: client @0x7f9618019e20
45.145.227.33#11092 (.): view outside: query (cache) './ANY/IN' denied
15-Dec-2021 00:01:42.127 security: info: client @0x7f96180b3fe0
45.145.227.33#11092 (.): view outside: query (cache) './ANY/IN' denied


I'm guessing this is some sort of a reflection attack attempt, but I
don't quite understand if these are the perpetrators or victims?

Would I be doing a bad thing by using fail2ban to block these IPs?


    Regards,

     Danilo
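
A way to tally denied queries per source address from log lines in the format quoted above, as an added example that is not part of the original post. The function names and the threshold are assumptions; the sample entries are the ones from the post, joined back to one entry per line, plus one constructed non-matching line.

```python
import re
from collections import Counter

# One entry per line, as in the log file (the mail wrapped each entry in two).
DENIED_RE = re.compile(
    r"^\S+ \S+ security: info: client (?:@0x[0-9a-f]+ )?"
    r"(?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+) \([^)]*\): "
    r"(?:view (?P<view>\S+): )?query \(cache\) '(?P<question>[^']+)' denied"
)

def parse_denied(line):
    """Return (ip, view, qname, qtype, qclass) for a denied-query line, else None."""
    m = DENIED_RE.match(line.strip())
    if not m:
        return None
    parts = m.group("question").rsplit("/", 2)  # name/type/class
    if len(parts) != 3:
        return None
    return (m.group("ip"), m.group("view"), *parts)

def tally(lines):
    """Count denied queries per source address and per (address, name, type)."""
    per_ip, per_question = Counter(), Counter()
    for rec in filter(None, map(parse_denied, lines)):
        ip, _view, qname, qtype, _qclass = rec
        per_ip[ip] += 1
        per_question[(ip, qname, qtype)] += 1
    return per_ip, per_question

def noisy_sources(per_ip, threshold):
    """Addresses with at least `threshold` denials, busiest first."""
    return [(ip, n) for ip, n in per_ip.most_common() if n >= threshold]

# Entries from the post; the last line is constructed to show it is skipped.
SAMPLE = [
    "15-Dec-2021 00:01:42.023 security: info: client @0x7f96180b3fe0 194.48.217.14#59698 (.): view outside: query (cache) './ANY/IN' denied",
    "15-Dec-2021 00:01:42.023 security: info: client @0x7f9618019e20 194.48.217.14#59698 (.): view outside: query (cache) './ANY/IN' denied",
    "15-Dec-2021 00:01:42.023 security: info: client @0x7f9618019e20 194.48.217.14#59698 (.): view outside: query (cache) './ANY/IN' denied",
    "15-Dec-2021 00:01:42.023 security: info: client @0x7f9618019e20 194.48.217.14#59698 (.): view outside: query (cache) './ANY/IN' denied",
    "15-Dec-2021 00:01:42.123 security: info: client @0x7f9618019e20 45.145.227.33#11092 (.): view outside: query (cache) './ANY/IN' denied",
    "15-Dec-2021 00:01:42.127 security: info: client @0x7f96180b3fe0 45.145.227.33#11092 (.): view outside: query (cache) './ANY/IN' denied",
    "15-Dec-2021 00:01:43.000 general: info: constructed unrelated line",
]

if __name__ == "__main__":
    per_ip, per_question = tally(SAMPLE)
    for ip, n in noisy_sources(per_ip, 2):
        print(f"{ip}\t{n}")
```

The counts are per logged source address only; UDP source addresses are not verified, so a count by itself does not show who actually sent the queries.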



