Create named-flood.conf in the filter.d folder (etc/fail2ban/filter.d)
[Definition]
failregex = .* client
ignoreregex =
Enable the Named query flood with the following statement in your jail.local file (etc/fail2ban/jail.local)
[named-flood-udp]
enabled = true
port = 53
protocol = udp
filter = named-flood
logpath = /var/log/named/bind9.log
maxretry = 200
bantime = 3600
ignoreip = 1.2.3.4
[named-flood-tcp]
enabled = true
port = 53
protocol = tcp
filter = named-flood
logpath = /var/log/named/bind9.log
maxretry = 200
bantime = 3600
ignoreip = 1.2.3.4