How to fight spam?

[joker349]

I have kept my Adguard Home DNS forwarder public for others to use since it blocks Ads and tracker.

I have bunch of users from around the world, some using DoH and some use plain DNS.

The problem I am facing is a lot of spam bots do DNS requests of domains which don't exists or take long time (like 10 sec) to respond. This hogs up the network, Adguard Home's cache is also filled with domains which don't exists preventing real users from taking benefit, and most of the time the upstream servers I use - Google, Cloudflare and my own hosting provider DNS stop responding to DNS queries from my server IP, stopping real users from using my DNS.

I had like to know how do I fight spam? I sometimes see logs of those IP which have a lot of requests coming in short time and manually disallow them, but this is slow and tedious process. I had like some automated process. I tried decoding the logs but the response is not fully readable text thus not parsable from any script - I was thinking to write a script which decodes response from IP which do very frequent queries and block the IP automatically.

Any suggestions to do this?

[ammnt]

@joker349, try to use Cloudflare reverse-proxy:
https://www.cloudflare.com/en-gb/

I use them to block bots, malicious traffic and entire countries👍🏼

[joker349]

Thanks for the recommendation. I am looking for more native and integrated solution, not depend on third-party.

[ishanjain28]

Cloudflare will not help much.

In my public instance, I block udp/53, tcp/53 access. There is a lot of spam that comes through these ports. All my clients use DoT/DoH. There is some bot traffic over DoH/DoT but so far from my experience it's mostly research projects so I am fine with it.

[irrweg]

I just Block their IPs with /32 or /24 in the DNS Settings.

Now with the new feature Blocking Clients directly from the Query Log took away much work.