Hi, thanks for the link. Interesting they are also having queries related to "isc.org". I can't tell, by looking at my logs, whether they are coming from or going to "isc.org" however. Any idea?
As for recursion, I have turned it off and it's still coming through. I have the following settings for the BIND server.
I think I'm under a DDoS attack on my DNS. Not sure how to tell whether I'm being used to amplify the DDoS DNS attack or I'm the actual target. I have 1400 IPs doing queries on my DNS servers since this started. Not everyone are attacking however as some are legit. But at least the top 102 of these 1400 IPs are hitting over 1000 times by now. The queries are coming in at about 388k/hr.