On 15.12.21 at 15:01, John Kristoff wrote:
>> Would I be doing a bad thing by using fail2ban to block these IPs?
>
> This might be dangerous. If someone spoofs a well-formed UDP query
> that does what the above does and you block it, what if the spoofed
> source is something you don't want blocked? This doesn't happen often,
> but I've seen it happen and people have gotten badly burned by it.

It's even an attack surface.

Nothing is easier than forging UDP queries to trigger fail2ban for whatever
IP the attacker wants.

Feed it with ISP and Google resolvers to take your domains down for a
large part of the world.

It's called "self-DoS": "denial of service" doesn't need many resources;
it's enough when you are taking yourself down on your own.
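
One way to act on the point made in this thread, as an added example that is not part of the original messages: count a query toward a ban only when its source address was confirmed by a round trip (TCP, or a valid DNS server cookie), and never ban an allowlisted resolver. The log lines, the allowlist and the function names are constructed for illustration, and the flag letters assume BIND's query-log layout.

```python
import ipaddress
import re
from collections import Counter

# Assumed BIND query-log layout: "client [@0x..] ip#port ... query: name class type flags"
# In the flag field, 'T' marks a TCP query and 'V' a valid server cookie.
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*?"
    r"query: \S+ \S+ \S+ (?P<flags>\S+)"
)

# Constructed allowlist (documentation ranges): resolvers that must never be blocked.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:53::/48")]

def source_validated(flags: str) -> bool:
    """True only if the client address was confirmed by a round trip."""
    return "T" in flags or "V" in flags

def ban_candidates(lines, threshold=3):
    """Return sorted source IPs that are safe to hand to a blocker."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or not source_validated(m["flags"]):
            continue  # plain UDP: the source may be forged, so it is not evidence
        addr = ipaddress.ip_address(m["ip"])
        if any(addr in net for net in NEVER_BLOCK):
            continue  # allowlisted resolver: never block, whatever the log says
        hits[str(addr)] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def _line(ip, flags):
    """Build one constructed log line for the sample below."""
    return (f"15-Dec-2021 15:01:00.000 queries: info: client @0x7f00aa {ip}#40000 "
            f"(example.com): query: example.com IN A {flags} (192.0.2.53)")

SAMPLE = (
    [_line("198.51.100.10", "+E(0)")] * 5      # UDP, claims to be an allowlisted resolver
    + [_line("203.0.113.7", "+E(0)")] * 5      # UDP, unvalidated source
    + [_line("203.0.113.99", "+E(0)T")] * 3    # TCP, source confirmed
    + [_line("192.0.2.200", "+E(0)V")] * 2     # valid cookie, below the threshold
    + [_line("198.51.100.20", "+E(0)T")] * 4   # TCP, but on the allowlist
)

if __name__ == "__main__":
    print(ban_candidates(SAMPLE))
```

Only the TCP-confirmed source outside the allowlist is returned; the UDP-only sources, including the one that claims a resolver address, never become ban candidates.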