Is it advisable to block based on tcpdump Refused output?

Discussion in 'Linux Security' started by postcd, Dec 29, 2017.

    Jul 8, 2017
    The DNS server can log denied DNS queries and I can use fail2ban or ConfigServer Firewall to ban IPs with excessive denied log entries, but my CentOS 6 log file (/var/log/messages) is 2 GB for the last roughly 72 hours thanks to denied queries. It is not an attack. So I thought I could disable logging of these DNS denied queries and instead monitor tcpdump output for refused queries and ban IPs with too many refusals. What do you think? Is that actually possible and wise?

    # -l makes tcpdump line-buffer its output, otherwise grep sees nothing until the pipe buffer fills
    tcpdump -l -nn -vv host myserverip and port 53 | grep Refused
    Is there any already made solution that filter tcpdump output for blocking?
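As an added illustration (not code from the thread) of the filtering logic the post asks about, this parses `tcpdump -vv` output for refused DNS responses and counts them per client so the result can feed a firewall ban list. The helper names, the threshold and the sample traffic are my own constructed assumptions.

```python
import re
from collections import Counter

# Matches the "src.port > dst.port:" part of tcpdump's DNS line. Works whether
# tcpdump -vv prints the IP header on the same line or on the line above it.
ENDPOINTS = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\.\d+ > (\d{1,3}(?:\.\d{1,3}){3})\.\d+:")

def refused_clients(lines, server_ip):
    """Count refused DNS responses per client.

    A 'Refused' line is the *server's reply*, so the client to count is the
    destination address, not the source. Only replies sent by server_ip are
    counted so unrelated port-53 traffic does not pollute the counts.
    """
    counts = Counter()
    for line in lines:
        if "Refused" not in line:
            continue
        m = ENDPOINTS.search(line)
        if not m:
            continue
        src, dst = m.groups()
        if src == server_ip:
            counts[dst] += 1
    return counts

def ban_candidates(lines, server_ip, threshold):
    """Clients whose refused count reached threshold, worst offender first."""
    counts = refused_clients(lines, server_ip)
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]

# Constructed sample of `tcpdump -l -nn -vv host <server> and port 53` output
# (documentation-range addresses, not real traffic). 203.0.113.10 is the server.
SAMPLE = """\
12:00:01.000001 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 73)
    203.0.113.10.53 > 198.51.100.7.41000: 1001 Refused- q: A? example.net. 0/0/0 (45)
12:00:01.000002 IP (tos 0x0, ttl 64, id 2, offset 0, flags [none], proto UDP (17), length 73)
    203.0.113.10.53 > 198.51.100.7.41001: 1002 Refused- q: A? example.org. 0/0/0 (45)
12:00:01.000003 IP (tos 0x0, ttl 64, id 3, offset 0, flags [none], proto UDP (17), length 73)
    203.0.113.10.53 > 198.51.100.7.41002: 1003 Refused- q: A? example.com. 0/0/0 (45)
12:00:01.000004 IP (tos 0x0, ttl 54, id 4, offset 0, flags [none], proto UDP (17), length 61)
    192.0.2.44.53000 > 203.0.113.10.53: 2001+ A? mydomain.example. (35)
12:00:01.000005 IP (tos 0x0, ttl 64, id 5, offset 0, flags [none], proto UDP (17), length 77)
    203.0.113.10.53 > 192.0.2.44.53000: 2001*- q: A? mydomain.example. 1/0/0 mydomain.example. A 203.0.113.10 (49)
12:00:01.000006 IP (tos 0x0, ttl 60, id 6, offset 0, flags [none], proto UDP (17), length 73)
    203.0.113.10.53 > 192.0.2.99.40000: 3001 Refused- q: A? other.example. 0/0/0 (45)
"""

if __name__ == "__main__":
    for ip, n in ban_candidates(SAMPLE.splitlines(), "203.0.113.10", 3):
        print(f"{ip}: {n} refused queries -> ban candidate")
```

Because UDP source addresses can be forged, a flood of queries with a spoofed source would get that third party's resolver banned, so keep bans short-lived and exempt known-good resolvers.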

