DNS Aplification blitz

Over the last 3 days we have had a surge of DNS amplification attacks. We use fail2ban to ban IPs that dare to trespass. Previously there were about 200 IPs banned, and it was a fairly steady count over the ban time.

Then this surge… Every 1 minute there is a new IP trying the attack. The count has risen to 4200 IPs banned and no end in sight.

Is this type of event “normal”?

01/24/2021-10:38:13.037029 [Drop] [] [1:2016016:8] ET DOS DNS Amplification Attack Inbound [] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} →