[dns-operations] "NS .", the attack of the month?
Stephane Bortzmeyer
bortzmeyer at nic.fr
Sat Jan 24 22:05:40 UTC 2009
It is still trendy, apparently. As I watch one recursive name server
(but I see nothing on many others), I see 2-3 p/s "NS ." queries
claiming to come from 206.71.158.30 and even from 66.230.160.1
(pretending to be ISPrime).
Still no perfect solution for it?
At least dnscap is great to watch it:
sudo dnscap -i eth0 -w isprime-attack -g -s i -x '^\.$'
Any way with dnscap to restrict the QTYPE of the query?
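
The post asks about selecting on QTYPE as well as on the name. The following is an added example, not part of the original post and not dnscap code: it parses the question section of raw DNS payloads and counts "NS ." queries per claimed source address. The function names and the sample packets are constructed for illustration, and the 192.0.2.x addresses are documentation addresses.

```python
import struct
from collections import Counter

QTYPE_NS, QCLASS_IN = 2, 1  # RFC 1035 type and class codes

def parse_question(msg: bytes):
    """Return (qname, qtype, is_query) for the first question, or None if malformed."""
    if len(msg) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", msg[2:6])
    if qdcount < 1:
        return None
    pos, labels = 12, []
    while pos < len(msg) and msg[pos] != 0:
        length = msg[pos]
        if length > 63 or pos + 1 + length > len(msg):  # pointer or overrun
            return None
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    pos += 1  # skip the terminating root label
    if pos + 4 > len(msg):
        return None
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    # QR bit clear means the message is a query, not a response
    return ".".join(labels) + ".", qtype, (flags & 0x8000) == 0

def root_ns_sources(packets):
    """Count 'NS .' queries per claimed source address."""
    hits = Counter()
    for src, payload in packets:
        if parse_question(payload) == (".", QTYPE_NS, True):
            hits[src] += 1
    return hits

def build_query(qname: str, qtype: int, flags: int = 0x0100) -> bytes:
    """Build a minimal DNS message with one question (sample-data helper)."""
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".") if l)
    return header + name + b"\x00" + struct.pack("!HH", qtype, QCLASS_IN)

# Constructed sample: (claimed source, UDP payload). Not captured traffic.
SAMPLE = [
    ("206.71.158.30", build_query(".", 2)),
    ("206.71.158.30", build_query(".", 2)),
    ("66.230.160.1", build_query(".", 2)),
    ("192.0.2.10", build_query("example.com.", 1)),  # ordinary A query
    ("192.0.2.10", build_query(".", 6)),             # root name, but SOA
]
```

Calling `root_ns_sources(SAMPLE)` tallies only the root-name queries whose QTYPE is NS; the SOA query for the root and the A query are ignored.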