For Debian's fail2ban, I added this to /etc/fail2ban/jail.conf:
[bind]
enabled = true
port = domain
filter = bind
protocol = udp
logpath = /var/log/syslog
And this to /etc/fail2ban/filter.d/bind.local (a new file):
[INCLUDES]
before = common.conf

[Definition]
failregex = ^%(__prefix_line)sclient <HOST>#.* query .* denied$

Bam... problem more or less solved.
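
An added example (not part of the original post) that checks the failregex above against constructed syslog lines. TIMESTAMP, PREFIX_LINE and HOST are simplified stand-ins for fail2ban's own timestamp handling and for what it expands %(__prefix_line)s and <HOST> into; the second sample line is in the style of BIND versions that log an @0x... token after "client", which this regex does not match.

```python
import re

# Simplified stand-ins (assumptions): fail2ban strips the timestamp itself and
# expands __prefix_line and <HOST> into broader patterns (IPv6, hostnames, ...).
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}\s+")
PREFIX_LINE = r"(?:\S+\s+)?(?:\S+?(?:\[\d+\])?:\s+)?"
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The failregex exactly as given in bind.local.
FAILREGEX = r"^%(__prefix_line)sclient <HOST>#.* query .* denied$"

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    # Denied query: should yield the client address.
    "Jan 21 06:02:13 ns1 named[1234]: client 192.0.2.10#53425: "
    "query (cache) './NS/IN' denied",
    # Same event with an @0x... token after "client": <HOST> no longer follows
    # "client " directly, so the filter silently stops matching.
    "Jan 21 06:02:14 ns1 named[1234]: client @0x7f3a1c0d2e40 198.51.100.7#40112 "
    "(example.com): query (cache) 'example.com/ANY/IN' denied",
    # Ordinary query log line: not a denial, must not match.
    "Jan 21 06:02:15 ns1 named[1234]: client 203.0.113.5#5353: "
    "query: example.com IN A +",
    # Denied zone transfer: contains "denied" but no " query ", so out of scope.
    "Jan 21 06:02:16 ns1 named[1234]: client 192.0.2.44#41000: "
    "zone transfer 'example.com/AXFR/IN' denied",
]


def compile_failregex(failregex):
    """Substitute the stand-ins for fail2ban's tags and compile the result."""
    pattern = failregex.replace("%(__prefix_line)s", PREFIX_LINE)
    return re.compile(pattern.replace("<HOST>", HOST))


def banned_host(line, rx):
    """Return the address the filter would extract from line, or None."""
    match = rx.search(TIMESTAMP.sub("", line))
    return match.group("host") if match else None


def scan(lines):
    rx = compile_failregex(FAILREGEX)
    return [banned_host(line, rx) for line in lines]


if __name__ == "__main__":
    for line, host in zip(SAMPLE_LOG, scan(SAMPLE_LOG)):
        print(f"{host or 'no match':<12} {line}")
```

On a live system, fail2ban-regex /var/log/syslog /etc/fail2ban/filter.d/bind.local runs the real filter against the real log and reports how many lines matched.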