BIND does not use the forwarders to resolve any more. It just goes to the root servers. I do not know when this started happening since everything worked transparently, but for sure bind configuration was not altered. It was upgraded though using apt.
Please how can i block these excessive bind accesses from this big ip range?
i mean i dont want manual IP ban, i want this to be handled by CSF automatically, so i want o ask you for kind advice on how to do it so such connections have low or no impact (iptables ban)?