How to mitigate peacecorps.gov DOS attack on bind9 DNS Server?

Question

I newly configured bind9 on my ubuntu server and set allow-query to { any; } as I want my DNS server to be accessible for anywhere. However, I am now facing DOS attack using peacecorps.gov domain with different IP address. Getting DNS request every seconds. How to mitigate this issue? Is there a way to block DNS lookup for particular website?

My bind9 option configuration

options {
        directory "/var/cache/bind";
    
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

        dnssec-validation auto;

        listen-on { any; };
        listen-on-v6 { any; };
        allow-query { any; };
        allow-recursion { any; };

        version "Forbidden";
};

DNS Logs

Answer 1

I newly configured bind9 on my ubuntu server and set allow-query to { any; } as I want my DNS server to be accessible for anywhere.

You get exactly what you've configured.
A DNS server that can be used by anybody. Or rather, abused by anybody and it is being used for abuse right now.

See for example this alert regarding incorrectly configured DNS servers such as yours:

• https://us-cert.cisa.gov/ncas/alerts/TA13-088A

---

The only public queries that your DNS server should allow and answer, are for the domain names it is authoritative for. (in other words: for your own domain).

If your bind server is to be caching resolver, it should only offer that service to your own servers/subnet, not the whole internet.

Set up an access control list and only allow authorised / trusted clients to use your DNS server and this problem should stop

acl myclients {
        192.0.2.0/24;
        localhost;
};


options {
        directory "/var/cache/bind";
    
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

        dnssec-validation auto;

        listen-on { any; };
        listen-on-v6 { any; };
        allow-query { myclients; };
        allow-recursion { myclients; };

        version "Forbidden";
};