Question

I have a domain "pizzaseo.com" flooding my server

Posted July 26, 2021 522 views
Firewall

I have this line multiple times - every 5 seconds approx.
Jul 27 00:39:19 NN-server named[727]: client 95.136.98.52#55252 (pizzaseo.com): query (cache) ‘pizzaseo.com/RRSIG/IN’ denied

Any suggestions how to block this - it is eating CPU and bandwith and most of all diskspace in logs.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers

Hi @regbk,

Where is your DNS hosted, are you hosting it on your own droplet or is it somewhere else? This is a seen behavior for BIND DNS.

Anyway, I’ll just block the IP addresses in your firewall until this cools down. You can use Iptables, UFW, CSF basically whatever you are using and block the IPs that you see in your logs.

Thx for answer- the IP is ever changing and not repeating. New IP every time, port changing ramdomly. The rest of the line is the same.

I will have a look at the DNS setup