I ask because almost all DDoS attacks involving DNS servers are amplification attacks, in which case your server was not the actual victim. https://en.wikipedia.org/wiki/Denial-of-service_attack#Reflected_.2F_Spoofed_attack Nicolai