To help combat attacks on open DNS resolvers, we aggregate data from our cloud services and
honeypots to create a blocklist.
Queries for domains that are...
1) known DNS amplification attacks
2) excessive or repetitive in nature
3) known test or research queries
4) malformed/impossible to resolve queries
...trigger a notification for a real human to review the data, and if consistent with the above, the referring IP (source)
of the traffic is added to the blocklist (the individual IP or in some cases an entire netblock)
This list is never updated more frequently than once a day.
Please use the script below to check for an updated list, when a new version is available it will be downloaded.
Optionally, you can have the blocklist incorporated as a Windows firewall rule.
Download to C:\DNSIPBLOCK\get-ipblock.txt
Right-click on the file, select Properties
Click the Unblock button (if this button is not present just proceed), then OK
See comments within the script for more information
Rename the script to "get-ipblock.bat" before you run it, or add it in Task Scheduler