This can be fixed by adding a second rule to the fail2ban chain in Vesta configuration to block 53 TCP as well.
Code: Select all
CHAIN='DNS' PORT='53' PROTOCOL='TCP'
This new chain rule should be added in /usr/local/vesta/data/firewall/chains.conf IN addition to the existing UDP rule.
Please include this in next update.