Am Thu, 16 Aug 2012 22:18:19 -0700 schrieb John R Pierce <pierce at hogranch.com>: > On 08/16/12 9:54 PM, Jussi Hirvi wrote: > >> Aug 17 07:41:38 mx2 named[6873]: client 205.145.64.200#53: query > >> (cache) 'ripe.net/ANY/IN' denied > >> >Aug 17 07:41:38 mx2 named[6873]: client 204.10.45.5#53: query > >> >(cache) 'ripe.net/ANY/IN' denied Aug 17 07:41:38 mx2 named[6873]: > >> >client 78.40.35.212#53: query (cache) 'ripe.net/ANY/IN' denied > >> >Aug 17 07:41:38 mx2 named[6873]: client 207.207.3.126#53: query > >> >(cache) 'ripe.net/ANY/IN' denied > > Are there any ways to mitigate this, or do I just have to wait? > > > meh, if its coming from lots of random hosts, then fail2ban style > techniques won't work. I assume this is an authoritative name > server? does it have recursive queries disabled so it can only return > results for the domain(s) its authoritative for ? It's a common "attack". Just search google. I think, someone mentioned a firewall rule here a couple of weeks ago to block these types of queries.