I’m not sure either. I use Google and Cloudflare DoH and DoT addresses as upstream DNS and some 8 hours ago, noticed high response times such as 20,000 for mainly Google DoT address (and also Cloudflare DoT). Checked system resource usage of the instances and everything is normal. Also no network usage spike. Made sure Ubuntu is up to date and no upgrades are available, rebooted it as well, even manually restarted the VPS.

I actually used to use Oracle’s free tier for about 1 year 4 months, with port 53 open for all (yeah, that was a bad choice in retrospect) and it was only last month when I got requests from a bunch of IP addresses in Brazil and Paraguay. I ended up spending some 1.5 hours looking for rogue IPs from these countries and created a CIDR list from two already-available lists, and then pasted all those CIDRs in Disallowed Domains in DNS Settings. That stopped the issue. But Oracle still cancelled and terminated my account a couple of weeks after that incident. So when I set up my current instances on Vultr and DO, one of the first things I did was enable firewall and limit port 53 to select CIDRs because we are assigned IPs dynamically and I can’t use exact IP addresses. So far, I’ve not got requests from any IP I don’t recognise.