Drop ANY type queries by NxFilter, NxCloud, NxRelay to protect your network.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Drop ANY type queries by NxFilter, NxCloud, NxRelay to protect your network.

    Some malware sends ANY type queries to a DNS server to create heavy traffic on the Internet. This is the most common case of DNS Amplification Attack. You can see this kind of malware sending ANY type queries when you install NxFilter on cloud without authentication. We explained how to deal with such a problem in our tutorial, https://tutorial.nxfilter.org/h-prev...ns-attacks.php

    Recently, we found a user having this kind of problem in his local network. When he used NxFilter without authentication, he saw heavy traffic in his network. At first, he thought it was coming from outside, or the WAN, as there were so many public IPs shown as client IPs on 'Logging > Request' of the NxFilter GUI. Actually, those public IPs were fake IPs produced by the malware's IP spoofing.

    So, this is not just for when you deploy your server on cloud. In your local network, there might be a PC infected with some malware sending ANY type queries to your NxFilter, and you get heavy traffic flooding your network. We were not aware of this as most of our users enabled User Authentication by NxFilter in their local networks.

    To prevent such a problem, you can enable authentication, as those fake IPs can't get through NxFilter authentication. Another method is to add '255', which means ANY type, to 'Blocked Request Type' on 'DNS > Server Protection > Request Type Control' in the NxFilter GUI. You can do the same for NxCloud. However, NxRelay doesn't do 'Request Type Control' by default.

    To enable request type control on NxRelay, you need to add the following line to its /nxrelay/conf/cfg.properties file:

    Code:
    drop_blocked_request_type = 1
    NxRelay will fetch your server request type control settings and drop the blocked request type queries.
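
The check behind a blocked request type of '255', as an added example that is not NxFilter, NxCloud or NxRelay code: it reads the QTYPE field from the question section of a raw DNS query and decides whether to drop it. The function names, the constructed sample queries and the choice to also drop malformed packets are assumptions of this example.

```python
import struct

QTYPE_ANY = 255  # the '255' entered in 'Blocked Request Type'


def build_query(name, qtype, txid=0x1234):
    """Build a minimal DNS query (constructed sample input for this example)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def parse_qtype(packet):
    """Return the QTYPE of the first question, or None if the packet is not a valid query."""
    if len(packet) < 12:                      # shorter than the fixed DNS header
        return None
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0x8000 or qdcount < 1:         # QR bit set (a response) or no question
        return None
    pos = 12
    while True:                               # walk the length-prefixed labels of QNAME
        if pos >= len(packet):
            return None
        length = packet[pos]
        if length == 0:                       # root label ends the name
            pos += 1
            break
        if length > 63:                       # pointer/reserved bits: not a plain label
            return None
        pos += 1 + length
    if pos + 4 > len(packet):                 # QTYPE and QCLASS must both be present
        return None
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return qtype


def should_drop(packet, blocked=frozenset({QTYPE_ANY})):
    """Drop blocked request types; malformed packets are dropped too (assumption)."""
    qtype = parse_qtype(packet)
    return qtype is None or qtype in blocked


if __name__ == "__main__":
    for label, qt in (("A", 1), ("AAAA", 28), ("ANY", QTYPE_ANY)):
        verdict = "drop" if should_drop(build_query("example.com", qt)) else "allow"
        print(f"{label:5} qtype={qt:3} -> {verdict}")
```

Because the decision uses only the query's own QTYPE field, it works the same whether the client IP in the packet is genuine or spoofed.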