Threat mitigation for bad actors causing buffer overflows and log file/memory explosions

[Aesir]

My publicly available DNS server keeps getting hit by a network that repeatedly makes special requests for cisco.com and atlassian.com that result in giant lines (something like 20Mb/min) in the query log (ballooning both memory and disk) as well as eventually causing buffer overflows in Adguard (v107). They aren't triggering request limits because they're using entire /24s and only sending requests from each address and each /24 very slowly. If I block one group of addresses, another immediately pops up to continue spamming.

Two Query Log Example Lines

{"T":"2023-12-29T09:09:42.820898097Z","QH":"cisco.com","QT":"TXT","QC":"IN","ECS":"191.7.159.0/24","CP":"","Upstream":"https://dns.google:443/dns-query","Answer":"tCyBgAABADwAAAABBWNpc2NvA2NvbQAAEAABwAwAEAABAAAAvgAuLVF1b1ZhZGlzPTk0ZDRhZTc0LWVjZDUtNGEzMy05NzVlLWEwZDdmNTQ2YzgwMcAMABAAAQAAAL4ADAtPU1NSSC05NzIzNsAMABAAAQAAAL4ARURnb29nbGUtc2l0ZS12ZXJpZmljYXRpb249OU1sUVU5TU1RMWpITE1Va09OS2U2UXpaLVpJR1J2MEJDRDFfclkxWmRtY8AMABAAAQAAAL4AWVhtWnZIc3pHbG1EaHZQT1VLTCs2Sk1pdy9WdGNreU9NS2pjdzFQTGNqWW93eE0yUFZMWDJ4RzBaU2dkSFJtOEhYZmFhR1IycE12aElyQlgxdFgzYUtSUT09wAwAEAABAAAAvgBBQGM5MDAzMzViOGI4MjU4NTliNTE0NzNiOTk0M2EzODgwYWU3OTVkZjQ3NDI2NDgzYjBhNjc2MzAzNzdhOTAyZjXADAAQAAEAAAC+AEVEZ29vZ2xlLXNpdGUtdmVyaWZpY2F0aW9uPWxXNWVxUE1KSTRWckxjMjhZVy1KQmtxQS1GRE5WbmhGQ1hRVkR2RnFaVG/ADAAQAAEAAAC+ADs6bWlyby12ZXJpZmljYXRpb249NTNiZjVjY2Q0N2NiNjIzOWZlNWNmMTRjM2IzMjgwNTBkZDU2NzlhY8AMABAAAQAAAL4AVlVzZW5kaW5nX2RvbWFpbjczMTAwMz0yNWUzNGZhZGVhODhkYTdlNjRmMGZhYjFlMzJkMDk0ZjFmMWUwZmIyYjk3NjIyZGVhYzI1MjFmN2EyYzViMmJjwAwAEAABAAAAvgArKmFwcGxlLWRvbWFpbi12ZXJpZmljYXRpb249cU9JbmlwUGdzbzNXOGNtS8AMABAAAQAAAL4APz5wZW5kby1kb21haW4tdmVyaWZpY2F0aW9uPWM5ZDJmYmExLTdkOTQtNGNmOS1hNmZiLTMxMDg4M2M4YmIxNcAMABAAAQAAAL4AJSRhc3Y9YWM5MGUxMTgwOGU4N2NmYmY4NzY4ZTY5ODE5YjFhY2HADAAQAAEAAAC+AF9eYXRsYXNzaWFuLWRvbWFpbi12ZXJpZmljYXRpb249Mmxkb3NtZzBvMk1ocHlvazFPSVNhU0d5Z1dVOXprNmZMTFdkb2N6WHRIYXA5bHVoYUhBL3B3RWFqMlRrNlJPS8AMABAAAQAAAL4AJCN2PXNwZjEgcmVkaXJlY3Q9c3BmYS5fc3BmLmNpc2NvLmNvbcAMABAAAQAAAL4ARURnb29nbGUtc2l0ZS12ZXJpZmljYXRpb249VjN0MkszZHZyOWZjZDFZV3d3YW5TbWViRU9PX1VOVFAwNkhSMl9nVU81TcAMABAAAQAAAL4ARURnb29nbGUtc2l0ZS12ZXJpZmljYXRpb249VmMwUGlyMjJtMXU5eXc1SGpYZjZUWU82cmxBSTlFWThJVktVbWEtT3FEWcAMABAAAQAAAL4ALi1kb2N1c2lnbj05NTA1MmM1Zi1hNDIxLTQ1OTQtOTIyNy0wMmFkMmQ4NmRmYmXADAAQAAEAAAC+AGRjYWRvYmUtYWVtLXZlcmlmaWNhdGlvbj13d3ctZGV2aW50LWNsb3VkLmNpc2NvLmNvbS8yNDg1OS8zNjYxNzMvOTQxOGYyYTItZWY0NS00Nzg4LTlkZTktOTFjN2QxOTAzOGI5wAwAEAABAAAAvgA9PHdvcmtwbGFjZS1kb21haW4tdmVyaWZpY2F0aW9uPVVodjdRUFEyMm5idUQzdkcwanNwZjdSNkxydVlvU8AMABAAAQAAAL4ANzZhaXJ0YWJsZS12ZXJpZmljYXRpb249NzY3ZTE5OGE5ZWY4OTcyYjBiZDRjMjAyOGY1MDcwZjPADAAQAAEAAAC+AEdGbm90aW9uLWRvbWFpbi12ZXJpZmljYXRpb249N3N6NFMzTEx0TklIWnBZc2dUVGdPY1JMbExySjVKcm1JZ1ZjZFJ0R2kxWMAMABAAAQAAAL4AVlVkdW9fc3NvX3ZlcmlmaWNhdGlvbj1zS01HYVRsbjJ2bVF1S3dhRTRoS3RURVkxVVluMkp6QWF4U1p6R2prZ0pyS3VaQ2hOMzQ0bWhJcHR5Y3pvTkJBwAwAEAABAAAAvgBiYWFkb2JlLWFlbS12ZXJpZmljYXRpb249d3d3LWlkZXYtY2xvdWQuY2lzY28uY29tLzI0ODU5LzM2NjIwNC8xYjk5MGVmNy1mZjg4LTQ5MzgtYmRkOS04NDU4Y2MxNTJmNTfADAAQAAEAAAC+ACMiWk9PTV92ZXJpZnlfR2Y2Q2FFZEo1YUtHdmpjVXJaUmtpQcAMABAAAQAAAL4APDtmYWNlYm9vay1kb21haW4tdmVyaWZpY2F0aW9uPXFyMm5pZ3NwenJwYTk2ajFuZDljcmlvdnV1d2lub8AMABAAAQAAAL4AX15hdGxhc3NpYW4tZG9tYWluLXZlcmlmaWNhdGlvbj1BWVR6TDZ3U1ZzVzBJZHlRcDdnd3Y2bHd0SGRwTUFUbmI4UXJpcXlKMG5pQWFaY3Q5a2RTbFh2ZnVFNEdjb3hVwAwAEAABAAAAvgA2NWZhc3RseS1kb21haW4tZGVsZWdhdGlvbi16OXNsc2JEZFgwLTM2ODM2NS0yMDIxLTA1LTE0wAwAEAABAAAAvgBWVWR1b19zc29fdmVyaWZpY2F0aW9uPUlZZFZVSXJiMkw5NUpWZWpTWFYzaGZzSlZEWm9sUUtLT1BCenRsRDZUSWdmQ1JTS2VNdWY4V2diUXVGTEQ0YUzADAAQAAEAAAC+ADc2YW1hem9uc2VzOlFiVXY1cFBIR1F4UnkxdktBMEo3WS9iaUU5b1I2TVR4T1RJMWJaSWZqc3c9wAwAEAABAAAAvgA5OGRvY2tlci12ZXJpZmljYXRpb249NGM1NjYzM2EtMjc0ZS00ODU4LTg4YTItMmFlY2VmZmNmZDY2wAwAEAABAAAAvgBWVWR1b19zc29fdmVyaWZpY2F0aW9uPXBHMjFPajVPUEN4UlBzV1hzZmJhdVdUOW91YTgyY0t0WVVQQW1zUXZvdktOcTN4cVdFY3NFTUVBaHRYeThBRnLADAAQAAEAAAC+AD8+cGVuZG8tZG9tYWluLXZlcmlmaWNhdGlvbj1jOTc5NjUwMi1jOTE0LTRlNTAtODkyZC1lNDI2ZjJhYzY4ZTnADAAQAAEAAAC+ABIROTI2NzIzMTU5LTMxODg0MTDADAAQAAEAAAC+ADc2YW1hem9uc2VzOm1YK3lsUWorZkpBZmg5cHIwM3lJUjdZdmpLWjFiT281QUJlZ3FNLzVwdkk9wAwAEAABAAAAvgBAP2lkZW50cnVzdF92YWxpZGF0ZT1aTUc0SXlWeE53bXQzdktwUG9GbXhTdVdXKzRmTWMvTTRrQ0NuQmFQVU1ZdsAMABAAAQAAAL4APz5wZW5kby1kb21haW4tdmVyaWZpY2F0aW9uPTU5OTViYTljLTliZjgtNDNkOC05ZTVhLTMwOTg1Njc2MDAxMcAMABAAAQAAAL4AQD9pbnRlcmNvbS1kb21haW4tdmFsaWRhdGlvbj04ODA2ZTJmOS03NjI2LTRkOWUtYWU0ZC0yZDY1NTAyODYyOWHADAAQAAEAAAC+AD49ZmFzdGx5LWRvbWFpbi1kZWxlZ2F0aW9uLWltMFZDR1k1WDBheEVFbWhYSmIyLTM0NzkxMS0yMDIxMDMxMMAMABAAAQAAAL4ANzZmYXN0bHktZG9tYWluLWRlbGVnYXRpb24tdzA0OXRjbTB3NDhkcy0zNDEzMTctMjAyMTAyMDnADAAQAAEAAAC+AENCZmFzdGx5LWRvbWFpbi1kZWxlZ2F0aW9uLWU5YTc1OGQyMjE4MzUwNGFmMmQ1YWI0ZDlhOTg1M2RhLTIwMjEwMTI3wAwAEAABAAAAvgA+PW9uZXRydXN0LWRvbWFpbi12ZXJpZmljYXRpb249MjAzNDVkZDBjMzM5NDZmMjk5ZjE0YzE0OThiNDFmNjfADAAQAAEAAAC+ADw7ZmFjZWJvb2stZG9tYWluLXZlcmlmaWNhdGlvbj0xem94bzh6N3QwMTNncHJ1eG1oYzhka2VycTQ3dmjADAAQAAEAAAC+ADw7bWl4cGFuZWwtZG9tYWluLXZlcmlmeT0yYzZjYjFhYS1hM2ZiLTQ0YjktYWQxMC1kNmI3NDQxMDk5NjPADAAQAAEAAAC+AEVEZ29vZ2xlLXNpdGUtdmVyaWZpY2F0aW9uPVdtZER1U1hsM1BNYi00OHFjWTZWVWJXOWt6TlBlNDZ6bjl1RHdnQjJ3WDDADAAQAAEAAAC+ADc2YWlydGFibGUtdmVyaWZpY2F0aW9uPWMwYjViZDNmM2RiNzM2Zjc3NWYwZGJlNGUxMDNjZGVhwAwAEAABAAAAvgAuLVNGTUMtbzdIWDc0QlE3OWs3Z2xwdF9xamxGMnZtWk85RHBxTHRZeEtMd2c4N8AMABAAAQAAAL4ARURnb29nbGUtc2l0ZS12ZXJpZmljYXRpb249ci1LMUNJZFhrZ1JXeFpzdFVIdFZ5TTJVZndmbG5HZ3I0QVI5X1FoazI4UcAMABAAAQAAAL4ARURnb29nbGUtc2l0ZS12ZXJpZmljYXRpb249cVBTOVprb1EtT2cxckJyTTFfTjd6LXROSk55MkJWeEU4bHc2U0IyaUZka8AMABAAAQAAAL4ANzZhbWF6b25zZXM6N0x5aUtabXB1R2phNCtLYkE0eFgzbE42OXlhallLTGtISDRRSmNXbnV3bz3ADAAQAAEAAAC+AFVUc3RyaXBlLXZlcmlmaWNhdGlvbj04ZTU0ZmFlNzY4MGIyM2FhZDZkNWUzNDE3YmU3M2EwNDNmN2U0NWNkMjc2NzI3MmRiZTBjOWM2ZWFjOTAzMjkxwAwAEAABAAAAvgAuLWRvY3VzaWduPTVlMThkZThlLTM2ZDAtNGE4ZS04ZTg4LWI3ODAzNDIzZmEyZsAMABAAAQAAAL4AX15hdGxhc3NpYW4tZG9tYWluLXZlcmlmaWNhdGlvbj1Vd1AxbmNmaXBobEZzK3dSeDh3SUJTWERTY3dOTDdKcnc3dHEycm5ZejMrOVQ1K01kOWVURFJnTlBDaWt4dE94wAwAEAABAAAAvgAODU1TPW1zMzU3MjQyNTnADAAQAAEAAAC+AF1cYWRvYmUtaWRwLXNpdGUtdmVyaWZpY2F0aW9uPWM5MDAzMzViOGI4MjU4NTliNTE0NzNiOTk0M2EzODgwYWU3OTVkZjQ3NDI2NDgzYjBhNjc2MzAzNzdhOTAyZjXADAAQAAEAAAC+AEhHaDEtZG9tYWluLXZlcmlmaWNhdGlvbj1yaXg1dnV4bnRWcG1hNHJUTDJEYkUzRkRyclBqZWRoblJhcWFIdmdoeW9kM2VnbVrADAAQAAEAAAC+AFZVZHVvX3Nzb192ZXJpZmljYXRpb249NlE3cEp3U1ozZGFtV0hCY0I4VE5kOUk1b2R1TFJBRkREaGlwMnBURmFhM1FvSVp0Wm5DZ3pqeVpyNXRlU09XU8AMABAAAQAAAL4AWVh3aXotZG9tYWluLXZlcmlmaWNhdGlvbj1hZjI0MWU2Mzk2Njk2ZWVkZjFiMzYxODkxNDM1ZjZiMjFiZGViYjU2MjE5NDFkOTkyNzkyOThjMDc2YjViZjVmwAwAEAABAAAAvgBfXmF0bGFzc2lhbi1kb21haW4tdmVyaWZpY2F0aW9uPTY3MlJjQUR2dDhCUHFzYjlnQ04yWkM1RG9UQWhVVDhhYkMxYmxZS1F4aS9NSE1hR29BL0J1dmpGTWFXUnRnZDfADAAQAAEAAAC+AFZVZHVvX3Nzb192ZXJpZmljYXRpb249QXhlbkxkb3FJWHpqbDJSSnpFMUJsT2ZrYXdEYkRGbG5ieXZqQXQ4dmNqS0hCa3ZZd0VNeVNEUms1UW1CZDY2dsAMABAAAQAAAL4AX15hdGxhc3NpYW4tZG9tYWluLXZlcmlmaWNhdGlvbj1HdDJkZW1lS0RMbXROYzlrUFpoYUFIRkEzN0RFSWNtRkdVZDZMQVJ2QjR5akxHNzBzM1daaGFKSjE1eTQ5OXNiwAwAEAABAAAAvgBfXmF0bGFzc2lhbi1kb21haW4tdmVyaWZpY2F0aW9uPTdKWVJsWTlpakJpalRKMFlTNWE4LzU4RFU3T2ZLQUhNWVJ1ZmN5MFRDNTdqMm1OY2VIOHJnNGFqUnpFcmMyMloAACknEAAAAAAAAA==","IP":"191.7.159.134","Result":{},"Elapsed":208507,"Cached":true}
{"T":"2023-12-29T09:09:42.825810046Z","QH":"atlassian.com","QT":"TXT","QC":"IN","ECS":"191.7.159.0/24","CP":"","Upstream":"https://dns.cloudflare.com:443/dns-query","Answer":"rO2BgAABADQAAAABCWF0bGFzc2lhbgNjb20AABAAAcAMABAAAQAACZEADg1NUz1tczE4MTMzNTQwwAwAEAABAAAJkQAuLVNGTUMtLUZlbEpkVmZzMXFXTnZjN090V0pzNk1aY3VzT1BPeVdNX2VDc3lzYcAMABAAAQAACZEALi1TRk1DLU5FVlpFLXBkMFgxNUJseFhJOGkyTjFDOTc3YWNDU1M2aVhzanpuREbADAAQAAEAAAmRAC4tU0ZNQy1WR3RiWnFNZWFMbkxYX2VwOGJsbWdoYXdEdHNadmRHcDhvaFdvNEo1wAwAEAABAAAJkQAuLVNGTUMtd0V1V3VtcnlLY29DVFhRTUpteE55Wkg3Tk5OTW5sRGRobXFlRVRSQ8AMABAAAQAACZEAXFthbm9kb3QtZG9tYWluLXZlcmlmaWNhdGlvbj0yM2U2OTZlMGUwZDNiZDA4MDFlODcyYjA3YTNhZTJlOTZmZDE0Y2RhMWU2ZTBkYTdiYmFmMmU0ZTA5NWNiMjFhwAwAEAABAAAJkQArKmFwcGxlLWRvbWFpbi12ZXJpZmljYXRpb249eEprN2dxMFFqZ21Od0tPQ8AMABAAAQAACZEAX15hdGxhc3NpYW4tZG9tYWluLXZlcmlmaWNhdGlvbj1Bbi96TnNJWGF2MWxvWktOZ05zTFZaQ1NWRjJad3hDbW1SbUh5YXpQTnVwQ01oSUlld1ZneGpMUlg4dkhuRUg2wAwAEAABAAAJkQBfXmF0bGFzc2lhbi1kb21haW4tdmVyaWZpY2F0aW9uPVpScGhuaU9weXZoSFY3Nm1SbXhuTGtISlZyS25iZU9JeG1oYnhiOFBGNkFhclgwRnlwdGh4WUIvcjVYcFZDMkXADAAQAAEAAAmRAF9eYXRsYXNzaWFuLWRvbWFpbi12ZXJpZmljYXRpb249WmxzVEdPRVBObVdGWHp6aEVheUxHOVdEbWpPd3NyMUgzNk5kcGVsRkxURi9rR0NMci9hNXJDQ09xcUdaUmpXdMAMABAAAQAACZEAX15hdGxhc3NpYW4tZG9tYWluLXZlcmlmaWNhdGlvbj1xWHkwc0pUZUV6RXBJeGZnMzBNdWFYMXJadldxSUU2NlFZaDhtMVNLSnJBeElLNTlPRkFhd3JJWmpLZDZrd2dvwAwAEAABAAAJkQA3NmJ1Z2Nyb3dkLXZlcmlmaWNhdGlvbj1lNmJmZWYxYjcwNjQ4ZDkyZGZhYTljNzExMDkzMzNlMcAMABAAAQAACZEAHh1kMjVrYTQ4OGRmcXlqNi5jbG91ZGZyb250Lm5ldMAMABAAAQAACZEALi1kb2N1c2lnbj0xZDJjZDJjZC01M2RhLTRjNDMtYjQ4Ny00NmE1ZDQ3NDVmNjDADAAQAAEAAAmRAC4tZG9jdXNpZ249NDAwMDE2ODktNTk1NS00NjkxLWJkYzAtMGM5NWY3OTJiNTg5wAwAEAABAAAJkQAuLWRvY3VzaWduPWM3MDlkMGU3LWYyMjEtNGYwMy1iOTM2LTcwNDI2NmI1MDNhMMAMABAAAQAACZEAPDtmYWNlYm9vay1kb21haW4tdmVyaWZpY2F0aW9uPXMwY2RpMmloZ3BlZzd2N2hsNDV6YXRmZGJpNWlhNsAMABAAAQAACZEARURnb29nbGUtc2l0ZS12ZXJpZmljYXRpb249NEJjVG4zbTl3ZkpycThPTkR6OWx0TWJGaFZnVDUxRlZrZm1Tbi1mY0daTcAMABAAAQAACZEARURnb29nbGUtc2l0ZS12ZXJpZmljYXRpb249OTYxcnlIWld6RUF5S1BwT1k2eFRQdmlNZVVscDAwUmFnelg3SU5IblJwa8AMABAAAQAACZEARURnb29nbGUtc2l0ZS12ZXJpZmljYXRpb249Q1JVV01qblBaYWFaYXAtM0VKa3RYZGxfYW5faFdFZ05xVGJfajJMVVRjTcAMABAAAQAACZEARURnb29nbGUtc2l0ZS12ZXJpZmljYXRpb249RXktdjZCZTdKMmxiT1NNUjdJRC1nQTZ3R1pYS3hZTXVUVmtSNExGdWVvd8AMABAAAQAACZEARURnb29nbGUtc2l0ZS12ZXJpZmljYXRpb249S2o3U01OZ3A0MW01WWlIN0tFYXdvd0NSUUZpbFFyUlo4RF9UenRpRW4yZ8AMABAAAQAACZEARURnb29nbGUtc2l0ZS12ZXJpZmljYXRpb249THdtZnUydlpRMHZfT0NjNDhrWVFOWENjbWdQN0dqNkZnMmtMMDhYaGZuMMAMABAAAQAACZEARURnb29nbGUtc2l0ZS12ZXJpZmljYXRpb249TVNENGVlUkd4bTViQTlBdTFjR3VWOE9QUU9zanU3ZXBUREotZjlDOTBnWcAMABAAAQAACZEARURnb29nbGUtc2l0ZS12ZXJpZmljYXRpb249TzdZYnQ4cXZ1Q19XcjdlTlluSnloVHhhR1dwSUVSeF9lUVhoRDIxOU1tY8AMABAAAQAACZEARURnb29nbGUtc2l0ZS12ZXJpZmljYXRpb249VTVoaU9seThKT3doeVJYTW14Z1dhREhHTWVtN2tnUXVkMUlpczhnc2h5QcAMABAAAQAACZEARURnb29nbGUtc2l0ZS12ZXJpZmljYXRpb249Zkswci1TeVduYnhVdXpkSWJoU2NPOVdqQklEQnVFQWg4bGRUWDNGRGhlVcAMABAAAQAACZEARURnb29nbGUtc2l0ZS12ZXJpZmljYXRpb249cjFfN25CdXFkY1dkTTBRSWlEV1F1c0hhOWplbHlYNWhKWWdYM3hXU2VUTcAMABAAAQAACZEARURnb29nbGUtc2l0ZS12ZXJpZmljYXRpb249dmEzTnlhMGtuMjBndVJRSVZVLUxGNFJSc0taNnUxUmV3dHFiNGVZcm8tOMAMABAAAQAACZEARURnb29nbGUtc2l0ZS12ZXJpZmljYXRpb249ejk4XzhMYXoxSnJfVlp3cEFNZng1SVhiRnk0UEN4NjZ5Z1pvcUNlTHl5Y8AMABAAAQAACZEAUE9odWJzcG90LWRldmVsb3Blci12ZXJpZmljYXRpb249WmpVeVl6SmtOREV0TlRsbE1DMDBNakU0TFRnME56Y3ROR0ZrTkROaE1UUXdNREpswAwAEAABAAAJkQA7Omtub3diZTQtc2l0ZS12ZXJpZmljYXRpb249ZDI2ZTQ2NDU0ZDVmMWJmY2QxYmQ4OWY4Y2NmMGQ1NzjADAAQAAEAAAmRADs6a3Jpc3AtZG9tYWluLXZlcmlmaWNhdGlvbj1pYVlyRWpCb3VLcUtmVDA5ZFFGdlV3MHFramlCMkh3T8AMABAAAQAACZEAf35sYXN0cGFzcy12ZXJpZmljYXRpb24tY29kZT02a2FXTSNUSXleKiVDZk1SVkRhJiZqJiRKcko0bXIlIWJeKkhSVHMxWDNWNHBNc0dnVW5EMDJISSo5aWomU0JZYmZvQjlVVjl4ak9nV3Vhb0FqVHU0Unl3cGRXcnc3YyV3NUbADAAQAAEAAAmRADs6bWlyby12ZXJpZmljYXRpb249NmJkMTQ1YzhmZjk2YWFiZTgxZWJiYzkyOTg1MjJhZDRjNDFlMDhmNsAMABAAAQAACZEAOzptb25nb2RiLXNpdGUtdmVyaWZpY2F0aW9uPTdJVElCQjVyNzJneWdSQ2lCeHdBNVVRY095bmcxVnoxwAwAEAABAAAJkQA+PW9uZXRydXN0LWRvbWFpbi12ZXJpZmljYXRpb249YWExMTQ0OWNmNjIzNDhlNzhkMjI5MDQ5ZGRmNjdkZjLADAAQAAEAAAmRAE5NcGFyZG90NTQ4MzgyPTI1MWEwMzViZjFkOTE2MDM5Zjk2YzMzZDI0NTc1MDZlYzE5MzZjOGM4MzMxOTU2YjI3MGNiNmY1MWU0YTFhNmHADAAQAAEAAAmRAC0sc3RhdHVzLXBhZ2UtZG9tYWluLXZlcmlmaWNhdGlvbj0zZmJ3enFtOHZqaHLADAAQAAEAAAmRAFVUc3RyaXBlLXZlcmlmaWNhdGlvbj0wNGQ3ZmI0Nzc2ZjEzMDE5MDVmZWM4YWIyNjQwZDkwMDYzZDgzNDMzNTYyMjAwZmU4ZTg0YTE2M2FmMmZmNTM3wAwAEAABAAAJkQBVVHN0cmlwZS12ZXJpZmljYXRpb249MjdhNzg4N2JlY2E3YzEwOWQ2YmVlYjdiMTU0ZGIxODc4Y2RiNjk5ZDBkOTNlNDhhNzMxZWMwOGM2OTRhNjI5MMAMABAAAQAACZEAVVRzdHJpcGUtdmVyaWZpY2F0aW9uPTQyNzgyNmM3MjhkZmNlMGE3YTc4MzIyYWNmZGJjZTcwNDczZWMyZDk5OWE3MzlmZDE1ZDAxNTFhOGNjYjAyMDDADAAQAAEAAAmRAFVUc3RyaXBlLXZlcmlmaWNhdGlvbj01ODBjZWEzNmVjNDZhYzBhZGNjMjAwMjIxODExYWNhY2ExZGI0NTZiMGZiOTFiZDdjYzEyOWQ4ZjM0NTliOWI4wAwAEAABAAAJkQBVVHN0cmlwZS12ZXJpZmljYXRpb249NzFkNDU3MWFhYzcyMTYwNTBjOGJlYmFhZGYwNTM4NjYyZDRlNWE5NTBiN2M0Y2ZkOGU2OWIxMmE1NDgzNWRmMcAMABAAAQAACZEAVVRzdHJpcGUtdmVyaWZpY2F0aW9uPTk3YWE1MGUxMTgwNWE3NDVmZDk3MmVkM2M5Y2MzYjRmYjgxZDcwNmFkYjhiZjk2OTNiMzQ3NzcyZTAwNDc4ZDXADAAQAAEAAAmRAFVUc3RyaXBlLXZlcmlmaWNhdGlvbj1hMDhiYzZmYmJiMjdiYjlkODFkZGY4NDY3MDQxNGRjOWFlYzVlZDRkNjc0MGMwYzFhNTY2YTcxZDE5ZWE4MzQxwAwAEAABAAAJkQBVVHN0cmlwZS12ZXJpZmljYXRpb249YzNjNDZlYzA4NDMwNmEzMGJjYzFkMDU1MWZiOWE1MDgyMzE4MzFmMzhhMjcyM2U4NzRlNjQ0NmMyOTI4MWQ1NcAMABAAAQAACZEAVVRzdHJpcGUtdmVyaWZpY2F0aW9uPWQ2YTM5MTJlN2IxYzZlY2U2ZmJiZDNmYmQ5NGVjMjgwOWNlZjQyZGQ1MmMxNDZiOWU5NzkxMWQ4MTk3MDVkZjnADAAQAAEAAAmRAFVUc3RyaXBlLXZlcmlmaWNhdGlvbj1kZjMwNDExMzUxOTQ0ZjE0OTZlMTY3MjM3OWYyNmExOTRiYzAwYzdmYjBmY2JiYWI5ODlkNjEwZjA5MGJmZmQ4wAwAEAABAAAJkQBVVHN0cmlwZS12ZXJpZmljYXRpb249ZTMxMjlhZjNhZWEyM2YzOWQ5ODY5OTgyMDg0ODk1ZjgxZmNiMmE5MzFkYWVjNmZhYzcwNTJkZjc5ODYxMmQ2ZsAMABAAAQAACZEBF4V2PXNwZjEgaXA0OjU0Ljg1LjI1NS4yNDUgaXA0OjU0LjI0MS4xOTEuMyBpbmNsdWRlOl9zcGYuZ29vZ2xlLmNvbSBpbmNsdWRlOmN1c3Qtc3BmLmV4YWN0dGFyZ2V0LmNvbSBpbmNsdWRlOnNwZi0wMDFkOTgwMS5wcGhvc3RlZC5jb20gkGluY2x1ZGU6c3BmMS5hdGxhc3NpYW4uY29tIGluY2x1ZGU6c3BmMy5hdGxhc3NpYW4uY29tIGlwNDo1NC43MS4xNDcuNzQgaXA0OjU0LjcxLjYzLjEwNiBpcDQ6NTQuNzAuMTMuMzIgaXA0OjIzLjIxLjEwOS4xOTcgaXA0OjIzLjIxLjEwOS4yMTIgfmFsbMAMABAAAQAACZEAPj16b29tLWRvbWFpbi12ZXJpZmljYXRpb249MjgwM2E4ZTAtNzA1NC00ZTgxLWE3ZDctZmQ1NTY5MmQ1ZTNiAAApJxAAAAAAAAA=","IP":"191.7.159.97","Result":{},"Elapsed":182900,"Cached":true}

I could put it behind a VPN, but it's nice to be able to just tweak the DNS settings for my less than tech savvy family to protect them from certain domains and block ads. Getting them onto a VPN would be much more difficult (though some of the mesh ones are getting easier), particularly for their devices.

Using the Disallowed Client list just had the attackers change to a new unrelated set of addresses (geographically everywhere so no easy geoblocking). The Allowed Clients list is working for me temporarily, but my IP and that of various family members tends to change regularly into an unknown IP range, not to mention travel and cell phones being an issue then.

Ideally, I would be able to take advantage of either my Fail2Ban or Crowdsec installs, but both of those only have existing filters for failed login attempts, not malicious DNS requests, and I don't know enough to write a filter that wouldn't be likely to catch normal requests as well. I'd really rather not have my small Digital Ocean droplet go down again because of a 20Gb querylog file with all of the memory gone because Adguard is trying to load a 20Gb querylog file any more.

Does anyone have a good idea for how to deal with this beyond sticking it behind a VPN? Or writing a regex that sets a limit on how long a query response can be, banning anyone who goes over?

[snapsl]

Adguard Home does not have a sufficient threat mitigation technique to protect a publicly hosted instance.
At present, there seems to be no efforts to change this. (#6394)
As you have already stated, one option is to use a tunneling software like a VPN or Tailscale.
Some also just use DoH and disable the default dns port.