<p dir="ltr">Hi, have you tried with iptables? You can set the max ANY queries per IP and track the IPs that ask for the ANY query.</p>
<div class="gmail_quote">On 16 Dec 2015 22:05, "Josh Sanders" &lt;<a href="mailto:facil77@gmail.com">facil77@gmail.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello,<br><br>I just set up PowerDNS and it works faultlessly: pdns-static_3.4.7-1_amd64.deb<br><br>But it keeps receiving 100s of ANY queries.<br><br>PowerDNS/Bind Backend has zone: <a href="http://mydomain.com" target="_blank">mydomain.com</a> but it keeps receiving ANY queries like those:<br><br>Remote xxx.xxx.xxx.xxx wants 'domainA.com|ANY', do = 0, bufsize = 1680: packetcache MISS<br>Remote xxx.xxx.xxx.yyy wants 'domainB.com|ANY', do = 0, bufsize = 1680: packetcache MISS<br>Remote xxx.xxx.xxx.zzz wants 'domainC.com|ANY', do = 0, bufsize = 1680: packetcache MISS<br>Remote xxx.xxx.xxx.www wants 'domainD.com|ANY', do = 0, bufsize = 1680: packetcache MISS<br><br>I know how to block those IPs with fail2ban but I would not like to have 100s of iptables rules.<br><br>Is there a way to block ANY queries? <br><br>I mean like CloudFlare does: Please stop asking for ANY / See draft-jabley-dnsop-refuse-any<br><br>Also, I tried any-to-tcp=yes but it does not seem to be working.<br><br>Thanks<br></div>
<br>_______________________________________________<br>
Pdns-users mailing list<br>
<a href="mailto:Pdns-users@mailman.powerdns.com">Pdns-users@mailman.powerdns.com</a><br>
<a href="http://mailman.powerdns.com/mailman/listinfo/pdns-users">http://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
<br></blockquote></div>
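<p dir="ltr">Added example, not part of the original thread and not PowerDNS code: a Python tally of ANY queries per remote address, read from log lines in the format quoted above, that also counts how many of them ask for names outside the served zone. The sample lines, addresses, threshold and function names are constructed for illustration; only the line format and the zone name mydomain.com come from the message.</p>

```python
import re
from collections import Counter

# Matches the query log format quoted in the thread:
#   Remote <addr> wants '<qname>|<qtype>', do = 0, bufsize = 1680: packetcache MISS
LINE_RE = re.compile(
    r"Remote (?P<remote>\S+) wants '(?P<qname>[^|']+)\|(?P<qtype>[A-Z0-9]+)'"
)


def in_zone(qname, zones):
    """True if qname is one of the served zones (lowercase) or a name below one."""
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in zones)


def summarize_any(lines, zones, threshold=3):
    """Tally ANY queries per remote and list remotes at or above threshold."""
    per_remote, out_of_zone = Counter(), Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if m is None or m.group("qtype") != "ANY":
            continue  # not a query line, or an ordinary qtype
        per_remote[m.group("remote")] += 1
        if not in_zone(m.group("qname"), zones):
            out_of_zone[m.group("remote")] += 1
    noisy = sorted(r for r, n in per_remote.items() if n >= threshold)
    return per_remote, out_of_zone, noisy


# Constructed sample lines (documentation addresses and names, not real traffic).
SAMPLE_LOG = [
    "Remote 192.0.2.10 wants 'example.org|ANY', do = 0, bufsize = 1680: packetcache MISS",
    "Remote 192.0.2.10 wants 'example.net|ANY', do = 0, bufsize = 1680: packetcache MISS",
    "Remote 192.0.2.10 wants 'example.com|ANY', do = 0, bufsize = 1680: packetcache MISS",
    "Remote 198.51.100.7 wants 'www.mydomain.com|A', do = 0, bufsize = 1680: packetcache HIT",
    "Remote 198.51.100.7 wants 'mydomain.com|ANY', do = 0, bufsize = 1680: packetcache MISS",
    "Remote 203.0.113.5 wants 'example.org|ANY', do = 0, bufsize = 1680: packetcache MISS",
]

if __name__ == "__main__":
    per_remote, out_of_zone, noisy = summarize_any(SAMPLE_LOG, {"mydomain.com"})
    for remote, count in per_remote.most_common():
        print(f"{remote}: {count} ANY, {out_of_zone[remote]} outside served zones")
    print("at or above threshold:", noisy)
```

<p dir="ltr">A high out-of-zone count for a remote shows how much of the ANY traffic concerns names the server does not host, which helps decide where a per-address limit would apply.</p>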