Is there a way (and if not, can it be added) to monitor the /var/log/messages file for denied/REFUSED DNS queries
and block the IP addresses that hit a specific site more than so many times?
Example:
Mar 14 11:09:47 HOSTNAME named[11275]: client 97.107.20.11#19420: query (cache) 'domainname.com/MX/IN' denied
Mar 14 11:09:47 HOSTNAME named[11275]: client 97.107.20.11#37657: query (cache) 'domainname.com/A/IN' denied
Mar 14 11:09:47 HOSTNAME named[11275]: client 97.107.20.11#34976: query (cache) 'domainname.com/MX/IN' denied
Mar 14 11:09:47 HOSTNAME named[11275]: client 97.107.20.11#59322: query (cache) 'domainname.com/A/IN' denied
Mar 14 11:09:47 HOSTNAME named[11275]: client 97.107.20.10#51881: query (cache) 'domainname.com/MX/IN' denied
Mar 14 11:09:47 HOSTNAME named[11275]: client 97.107.20.10#10887: query (cache) 'domainname.com/A/IN' denied
Mar 14 11:09:47 HOSTNAME named[11275]: client 97.107.20.10#64403: query (cache) 'domainname.com/MX/IN' denied
Since 4 AM (when log files rolled over), there are over 32 thousand hits to this website (which is no longer even hosted with us) from hundreds of different IP addresses. I've been blocking those manually, but it's tedious and it's causing our server monitoring system to indicate that the server is down (when in fact it isn't). Ping is very sporadic, so I know it is being affected by these queries. Other servers don't have anywhere near as many queries as this one server.
Monitor REFUSED/denied DNS queries in /var/log/messages
- Junior Member
- Posts: 73
- Joined: 16 Nov 2010, 22:49
Re: Monitor REFUSED/denied DNS queries in /var/log/messages
In case anyone else runs into this: setting LF_BIND to 250 did the trick for me.
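For anyone who wants to see what the question asks for (count denied queries per client IP in the BIND log and flag the ones over a threshold) before handing it to csf, here is an added Python example; it is not code from the thread or from csf. It parses the "query (cache) ... denied" lines quoted above, counts hits per client IP inside a sliding time window (the same idea as the reply's LF_BIND, which in csf is the number of denied queries from one IP within its check interval that triggers a block), and prints the matching `csf -d` deny commands for review instead of running them. The sample log lines are constructed (the first seven are the ones from the post, the rest are made up), and the threshold of 4 hits in 300 seconds is an arbitrary demo value, not a recommendation.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout of the BIND "query denied" lines shown in the post. Syslog timestamps
# carry no year, so the parsed datetimes are only good for ordering within one log.
DENIED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ named\[\d+\]: "
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query \(cache\) "
    r"'(?P<qname>[^/']+)/(?P<qtype>[A-Z0-9]+)/IN' denied$"
)

# Constructed sample: the seven lines from the post plus three made-up lines
# (a different zone, a late hit from .10 outside the window, and a non-query line).
SAMPLE_LOG = [
    "Mar 14 11:09:47 HOSTNAME named[11275]: client 97.107.20.11#19420: query (cache) 'domainname.com/MX/IN' denied",
    "Mar 14 11:09:47 HOSTNAME named[11275]: client 97.107.20.11#37657: query (cache) 'domainname.com/A/IN' denied",
    "Mar 14 11:09:47 HOSTNAME named[11275]: client 97.107.20.11#34976: query (cache) 'domainname.com/MX/IN' denied",
    "Mar 14 11:09:47 HOSTNAME named[11275]: client 97.107.20.11#59322: query (cache) 'domainname.com/A/IN' denied",
    "Mar 14 11:09:47 HOSTNAME named[11275]: client 97.107.20.10#51881: query (cache) 'domainname.com/MX/IN' denied",
    "Mar 14 11:09:47 HOSTNAME named[11275]: client 97.107.20.10#10887: query (cache) 'domainname.com/A/IN' denied",
    "Mar 14 11:09:47 HOSTNAME named[11275]: client 97.107.20.10#64403: query (cache) 'domainname.com/MX/IN' denied",
    "Mar 14 11:09:48 HOSTNAME named[11275]: client 97.107.20.12#40001: query (cache) 'other.example/A/IN' denied",
    "Mar 14 11:20:00 HOSTNAME named[11275]: client 97.107.20.10#40002: query (cache) 'domainname.com/A/IN' denied",
    "Mar 14 11:20:01 HOSTNAME named[11275]: received control channel command 'stats'",
]


def parse_denied(line):
    """Return (timestamp, client_ip, qname, qtype) for a denied-query line, else None."""
    m = DENIED_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    return ts, m.group("ip"), m.group("qname"), m.group("qtype")


def max_hits_in_window(times, window_seconds):
    """Largest number of timestamps that fall inside any window of window_seconds."""
    times = sorted(times)
    best = left = 0
    for right, t in enumerate(times):
        # Slide the left edge forward until the window fits.
        while (t - times[left]).total_seconds() > window_seconds:
            left += 1
        best = max(best, right - left + 1)
    return best


def find_offenders(lines, threshold, window_seconds, domain=None):
    """Map client IP -> peak denied-query count for IPs that reach the threshold.

    If domain is given, only denied queries for that exact name are counted,
    which matches the post's case of one dead zone attracting all the traffic.
    """
    hits = defaultdict(list)
    for line in lines:
        parsed = parse_denied(line)
        if parsed is None:
            continue
        ts, ip, qname, _qtype = parsed
        if domain is not None and qname.lower() != domain.lower():
            continue
        hits[ip].append(ts)
    offenders = {}
    for ip, ts_list in hits.items():
        peak = max_hits_in_window(ts_list, window_seconds)
        if peak >= threshold:
            offenders[ip] = peak
    return offenders


def deny_commands(offenders):
    """Render csf permanent-deny commands for an operator to review (nothing is executed)."""
    return [f"csf -d {ip}  # {count} denied queries" for ip, count in sorted(offenders.items())]


if __name__ == "__main__":
    found = find_offenders(SAMPLE_LOG, threshold=4, window_seconds=300, domain="domainname.com")
    for cmd in deny_commands(found):
        print(cmd)
```

With the constructed sample, 97.107.20.11 reaches four hits within the window and is reported, while 97.107.20.10 has only three inside any 300-second span (its fourth hit is ten minutes later), so it is not; widen the window and it is. In production you would feed the script the live /var/log/messages (or tail it) and pick threshold and interval from your real traffic, which is exactly the knob the reply turns with LF_BIND.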