I am getting a lot of DNS requests like this, every few milliseconds : Code: 12-Nov-2020 11:02:11.273 query-errors: info: client @0x7fed3c005910 126.96.36.199#30053 (10171196235dot2dot11130302dot107dot180dot238dot54q1w2e3rty.henu.edu.cn): query failed (REFUSED) for 10171196235dot2dot11130302dot107dot180dot238dot54q1w2e3rty.henu.edu.cn/IN/A at query.c:5425 Note the tell-tale "qwerty". Other than pure abuse, I don't know what anyone seeks to gain with queries like that. I'd like to block these requests to reduce some DNS load. I think these are UDP requests so the IP address may be spoofed. Is there a way to use Fail2Ban or another tool to catch these requests before they get processed by named/BIND? Or, is the fact that the query was REFUSED an indicator that there is already code that's in place to block this stuff? I just don't want more resources than necessary to be consumed. I'd block the traffic outside of the server if I could. Would DNS RPZ be a solution for this? I have two systems providing DNS in this ISPConfig installation, my primary ISPConfig server is the primary DNS and the secondary DNS is another smaller box that isn't hosting anything else. Would it reduce the load on the ISPConfig controller if I make it the secondary DNS? I don't think so. Thanks!