[Pdns-users] Is it possible to block all ANY queries?

Federico Olivieri lvrfrc87 at gmail.com
Wed Dec 16 23:11:58 UTC 2015


Hi, have you tried with iptables? You can  set the max ANY quries for IP
and track the IP that ask for the ANY query
On 16 Dec 2015 22:05, "Josh Sanders" <facil77 at gmail.com> wrote:

> Hello,
>
> I just set up PowerDNS and it works faultlessly:
> pdns-static_3.4.7-1_amd64.deb
>
> But It keeps receiving  100s of ANY queries.
>
> PowerDNS/Bind Backend has zone: mydomain.com but It keeps receiving  ANY
> queries like those:
>
> Remote xxx.xxx.xxx.xxx wants 'domainA.com|ANY', do = 0, bufsize = 1680:
> packetcache MISS
> Remote xxx.xxx.xxx.yyy wants 'domainB.com|ANY', do = 0, bufsize = 1680:
> packetcache MISS
> Remote xxx.xxx.xxx.zzz wants 'domainC.com|ANY', do = 0, bufsize = 1680:
> packetcache MISS
> Remote xxx.xxx.xxx.www wants 'domainD.com|ANY', do = 0, bufsize = 1680:
> packetcache MISS
>
> I know how to block those ips with fail2ban but I would not like to have
> 100s of iptables rules.
>
> Is there a way to block ANY queries?
>
> I mean like CloudFlare does: Please stop asking for ANY / See
> draft-jabley-dnsop-refuse-any
>
> Also, I tried any-to-tcp=yes but it seems not working.
>
> Thanks
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20151216/3065d208/attachment-0001.html>


More information about the Pdns-users mailing list