I have a domain "" flooding my server

I have this line multiple times - every 5 seconds approx. Jul 27 00:39:19 NN-server named[727]: client ( query (cache) ‘’ denied

Any suggestions how to block this - it is eating CPU and bandwith and most of all diskspace in logs.

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Thx for answer- the IP is ever changing and not repeating. New IP every time, port changing ramdomly. The rest of the line is the same.

I will have a look at the DNS setup

Hi @regbk,

Where is your DNS hosted, are you hosting it on your own droplet or is it somewhere else? This is a seen behavior for BIND DNS.

Anyway, I’ll just block the IP addresses in your firewall until this cools down. You can use Iptables, UFW, CSF basically whatever you are using and block the IPs that you see in your logs.