thank you all
“unbound-control get_option access-control” shows a list of IP blocks I have allowed/denied.
I have also done the explicit deny and recommended config hardening.
I will monitor and see if the issue reoccurs.
Thank you
izake
Unfortunately, the changes didn’t yield much results. The flood attack happened again but at a different time.
Any more suggestions?
Regards,
izake
You might want to refer to this?
https://closedresolver.korlabs.io/
https://mkorczynski.com/PAM2020Korczynski.pdf
The source IP address may be disguised as a permission range.
I call this kind of resolvers as "hidden open resolver".
https://www.e-ontap.com/misc/ieice2023oki/#(3) ... (Japanese)