Limiting recursion

Discussion in 'General' started by ACDII, Jun 3, 2014.

  1. ACDII (Member)

    Hi all, I am using ISPConfig 3 for a DNS server pair, Master/Slave. Unfortunately, we have customers with remote locations that use our DNS servers. We got a notice that one of these servers was involved in an open recursive resolver used for an attack.

    What can I do to limit the number of external connections to prevent this while still allowing external users access? I found something about tcp-connections, but doesn't it also use UDP?

    I know the perfect solution is to allow only subnets we control, but that won't work due to the remote users. What else can I do? These are both behind ASA firewalls, so if there is something I can do on them, that would be good too.
     
