[dsissitka]

> but nonetheless you're ingress rules in your cloud provider will not allow anything but that's single port...

That's all that's required for a DNS amplification attack. :)

[byteknight]

Thats not true. DNS isnt on 51820. That's wireguard. You cannot hit the DNS unless you're connected to the wireguard VPN provided you're using a cloud provider and you havent configured any additional ingress rules other than port 51820. That I am positive on.

[dsissitka]

You're right! I thought we were talking about the Pi-hole port. ><