Hello,
I get DNS ddos attacks and I can't stop them.
DDoS protection is not active, the attacks being 100 Mbit / s.
I use directadmin + ConfigServer Security & Firewall (csf).
TCPDUMP:
13:09:29.528924 IP 6.ip-151-80-119.eu.domain > ns1.vital-host.eu.21825: 48606 8/4/9 RRSIG, RRSIG, RRSIG, RRSIG, DNSKEY, DNSKEY, DNSKEY[|domain]
13:09:29.529058 IP 6.ip-151-80-119.eu > ns1.vital-host.eu: udp
13:09:29.530713 IP vz2.webstandard.com.domain > ns1.vital-host.eu.11504: 20634-| 26/0/1 SOA, AAAA 2600:1f18:46d5:1100:4526:5944:91c8:a5b, DNSKEY, DNSKEY, DNSKEY, DNSKEY, TXT "v=spf1 mx ip4:65.205.231.173 ip4:65.205.231.174 ip4:65.205.231.175 ip4:65.205.231.176 ip4:68.232.140.78 include:customers.clickdimensions.com include:amazonses.com exists:%{i}.spf.PeaceCorps.iphmx.com ~all", TXT "@" "3600" "IN" "TXT" "adobe-idp-site-verification="c5bd8e9e38c19e39bab26f49615f8fef78d1865faa2ce8bfe0c941b0b1d5bd29"", TXT "MS=ms93096948", TXT "google-site-verification=gIEZUYY9g2-1blybvLN_bniEoxie4FWclulHw6DvZUU", TXT[|domain]
13:09:29.530734 IP vz2.webstandard.com > ns1.vital-host.eu: udp
13:09:29.530738 IP vz2.webstandard.com > ns1.vital-host.eu: udp
13:09:29.532080 IP 6.ip-151-80-119.eu.domain > ns1.vital-host.eu.21825: 48606 8/4/9 RRSIG, RRSIG, RRSIG, RRSIG, DNSKEY, DNSKEY[|domain]
13:09:29.532094 IP 6.ip-151-80-119.eu > ns1.vital-host.eu: udp
13:09:29.535654 IP vz2.webstandard.com.domain > ns1.vital-host.eu.11504: 20634-| 26/0/1 SOA, AAAA 2600:1f18:46d5:1100:4526:5944:91c8:a5b, DNSKEY, DNSKEY, DNSKEY, DNSKEY, TXT "adobe-idp-site-verification="c5bd8e9e38c19e39bab26f49615f8fef78d1865faa2ce8bfe0c941b0b1d5bd29"", TXT "v=spf1 mx ip4:65.205.231.173 ip4:65.205.231.174 ip4:65.205.231.175 ip4:65.205.231.176 ip4:68.232.140.78 include:customers.clickdimensions.com include:amazonses.com exists:%{i}.spf.PeaceCorps.iphmx.com ~all", TXT "@" "3600" "IN" "TXT" "adobe-idp-site-verification="c5bd8e9e38c19e39bab26f49615f8fef78d1865faa2ce8bfe0c941b0b1d5bd29"", TXT "MS=ms93096948", TXT[|domain]
13:09:29.535663 IP vz2.webstandard.com > ns1.vital-host.eu: udp
13:09:29.535666 IP vz2.webstandard.com > ns1.vital-host.eu: udp
13:09:29.562367 IP stip-static-26.213-81-217.telecom.sk.domain > ns1.vital-host.eu.36412: 49644| 32/0/0 RRSIG, RRSIG, RRSIG, TXT "adobe-idp-site-verification="c5bd8e9e38c19e39bab26f49615f8fef78d1865faa2ce8bfe0c941b0b1d5bd29"", DS, DS, DS, DS, TXT "MS=ms93096948", TXT "70hsPSk6sIjXz6uh9q2YU/hnsCdOQ03YzYXRibP8NwtyW2G6wVLNZNtsF2rRhG4r0gEP40lS9ats/EvBWhs9zA==", RRSIG, TXT "google-site-verification=gIEZUYY9g2-1blybvLN_bniEoxie4FWclulHw6DvZUU", TXT "adobe-idp-site-verification=c5bd8e9e38c19e39bab26f49615f8fef78d1865faa2ce8bfe0c941b0b1d5bd29", DNSKEY,[|domain]
13:09:29.562419 IP stip-static-26.213-81-217.telecom.sk > ns1.vital-host.eu: udp
13:09:29.562421 IP stip-static-26.213-81-217.telecom.sk > ns1.vital-host.eu: udp
13:09:29.562664 IP 74.49.237.80.transtelecom.net.domain > ns1.vital-host.eu.54565: 44184 23/1/2 RRSIG, RRSIG, SOA, TXT "MS=ms93096948", TXT "google-site-verification=gIEZUYY9g2-1blybvLN_bniEoxie4FWclulHw6DvZUU", TXT "70hsPSk6sIjXz6uh9q2YU/hnsCdOQ03YzYXRibP8NwtyW2G6wVLNZNtsF2rRhG4r0gEP40lS9ats/EvBWhs9zA==", RRSIG, RRSIG, RRSIG, TXT[|domain]
13:09:29.562666 IP infos-gts.ptp.gts.cz > ns1.vital-host.eu: udp
13:09:29.562676 IP 74.49.237.80.transtelecom.net > ns1.vital-host.eu: udp
13:09:29.562679 IP 74.49.237.80.transtelecom.net > ns1.vital-host.eu: udp
13:09:29.562696 IP infos-gts.ptp.gts.cz > ns1.vital-host.eu: udp
13:09:29.562766 IP 46-119-162-148.broadband.kyivstar.net.domain > ns1.vital-host.eu.23764: 17820 8/0/0 RRSIG, RRSIG, RRSIG, RRSIG, DNSKEY, DNSKEY, DNSKEY[|domain]
13:09:29.562782 IP 46-119-162-148.broadband.kyivstar.net > ns1.vital-host.eu: udp
13:09:29.562866 IP user28.10.udn.pl.domain > ns1.vital-host.eu.65446: 46998| 23/0/0 TXT "v=spf1 mx ip4:65.205.231.173 ip4:65.205.231.174 ip4:65.205.231.175 ip4:65.205.231.176 ip4:68.232.140.78 include:customers.clickdimensions.com include:amazonses.com exists:%{i}.spf.PeaceCorps.iphmx.com ~all", Type51, DNSKEY, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG,[|domain]
13:09:29.562870 IP user28.10.udn.pl > ns1.vital-host.eu: udp
13:09:29.562872 IP user28.10.udn.pl > ns1.vital-host.eu: udp
13:09:29.562934 IP infos-gts.ptp.gts.cz.domain > ns1.vital-host.eu.52611: 53486| 29/0/0 DNSKEY, TXT "adobe-idp-site-verification="c5bd8e9e38c19e39bab26f49615f8fef78d1865faa2ce8bfe0c941b0b1d5bd29"", DNSKEY, DNSKEY, AAAA 2600:1f18:46d5:1100:4526:5944:91c8:a5b, SOA, TXT "@" "3600" "IN" "TXT" "adobe-idp-site-verification="c5bd8e9e38c19e39bab26f49615f8fef78d1865faa2ce8bfe0c941b0b1d5bd29"", RRSIG, RRSIG, RRSIG[|domain]
13:09:29.589536 IP 176.31.141.21 > ns1.vital-host.eu: udp
13:09:29.636601 IP 195-38-126-110.static.digikabel.hu > ns1.vital-host.eu: udp
13:09:29.636619 IP 89-79-93-2.dynamic.chello.pl > ns1.vital-host.eu: udp
13:09:29.636621 IP 89.208.122.206 > ns1.vital-host.eu: udp
13:09:29.636627 IP 178.254.228.134.domain > ns1.vital-host.eu.39018: 32984| 29/0/0 TXT "70hsPSk6sIjXz6uh9q2YU/hnsCdOQ03YzYXRibP8NwtyW2G6wVLNZNtsF2rRhG4r0gEP40lS9ats/EvBWhs9zA==", TXT "google-site-verification=gIEZUYY9g2-1blybvLN_bniEoxie4FWclulHw6DvZUU", TXT "MS=ms93096948", DNSKEY, DNSKEY, Type51, DNSKEY, DNSKEY, RRSIG, AAAA 2600:1f18:46d5:1100:4526:5944:91c8:a5b, SOA, MX mx1.peacecorps.iphmx.com. 10, RRSIG[|domain]
13:09:29.636639 IP 89.208.122.206 > ns1.vital-host.eu: udp