
Due to firewall logs showing DNS amplification attack attempts


Why go beyond blocking direct DNS access?

(Ideally you'd make them switch to TCP by truncating UDP responses to specific clients but that sounds like a hassle to set up so it's understandable to skip that.)
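The UDP-truncation trick mentioned above, as an added illustration that is not code from the thread: a toy authoritative responder (assumed names, constructed query) that answers the first few UDP queries per source normally and, beyond that rate, returns a TC-flagged reply with no answer records. A real resolver retries over TCP, while a spoofed-source flood never receives the large UDP payload it was trying to amplify.

```python
import struct
import time
from collections import defaultdict

# Assumed budget: at most LIMIT UDP queries per source per WINDOW seconds.
LIMIT, WINDOW = 5, 1.0
_seen = defaultdict(list)  # source ip -> timestamps of recent UDP queries


def reset_state():
    _seen.clear()


def over_limit(src_ip, now=None):
    """Sliding-window check; True once src_ip exceeds LIMIT within WINDOW."""
    now = time.monotonic() if now is None else now
    hits = [t for t in _seen[src_ip] if now - t < WINDOW]
    hits.append(now)
    _seen[src_ip] = hits
    return len(hits) > LIMIT


def build_query(name, qid=0x1234):
    """Constructed single-question A/IN query in DNS wire format (RD set)."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", 1, 1)


def build_response(query, answer_rdata, truncate=False):
    """Echo the ID and question; either attach one A record or set TC with no answer."""
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    assert qdcount == 1
    i = 12
    while query[i] != 0:          # walk the labels to the terminating null
        i += query[i] + 1
    question = query[12:i + 1 + 4]  # name, null label, QTYPE, QCLASS
    rd = flags & 0x0100
    if truncate:                  # QR=1, TC=1, no records: client must retry over TCP
        return struct.pack("!HHHHHH", qid, 0x8000 | rd | 0x0200, 1, 0, 0, 0) + question
    header = struct.pack("!HHHHHH", qid, 0x8000 | rd | 0x0080, 1, 1, 0, 0)  # QR=1, RA=1
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + answer_rdata  # ptr to name @12
    return header + question + rr


def handle_udp(src_ip, query, now=None):
    """Full answer while the source is under budget, truncated reply once over it."""
    return build_response(query, b"\xc0\xa8\x00\x01", truncate=over_limit(src_ip, now))


def is_truncated(resp):
    return bool(struct.unpack("!H", resp[2:4])[0] & 0x0200)


if __name__ == "__main__":
    q = build_query("example.com")
    for n in range(7):  # the 6th and 7th replies from one source come back truncated
        print(n + 1, "TC" if is_truncated(handle_udp("198.51.100.7", q, now=0.0)) else "full")
```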


Everyone is attempting all attacks all the time from everywhere. Why not secure yourself so the attempts fail?


At that point secure would be 'offline'... It's not like botnets, "unlocker" farms and P2P don't originate from residential netblocks all day long.

The idea of "I just want the legitimate traffic" is a simple one, but the implementation of the idea has very little to do with "I will just block the big bad cloud!".


Securing yourself means not being vulnerable to the attacks. Who cares if you are exposed to an internet radiation banana equivalent? Why worry? You'll hurt yourself more from the worry than from the radiation.

Blocking huge IP ranges is knocking yourself half offline, and it doesn't even stop you being "attacked". I'd start blocking if and only if there is some actual problem for your server (e.g. excessive CPU or bandwidth usage), not just because big bad scary cloud.


> Who cares if you are exposed to an internet radiation banana equivalent?

Me, because I would like to read all of the syslog without meaningless noise.


Then don't log the noise. Every log gets filled with noise if you aren't careful about choosing what to log.


Nonsense. There is no log level that separates between noise and legitimate data.


Then stop trying to separate it and just acknowledge these logs are (almost?) worthless?



