DNS requests and Bandwidth

aljuhani info at riyadmail.com
Wed May 11 16:30:35 UTC 2005 

Hello List.

We have one domain setup on our server dns but there is no
website or email configured ..

Recently we've noticed some increase in server Bandwidth usage
and after using tcpdump, we were able to find the problem which
is a DNS server on the Internet sending many queries per second
to resolve MX , A records for that domain which is not existing of
course but it keeps asking.

One way was to block requests from that DNS IP but that was not
practicle as many users on that DNS won't be able to communicate
with our server.

so What is the best way to prevent DNS queries consuming bandwidth.

tcpdump output extract:

14:40:09.407336 212.26.72.85.34997 > ns.MyNameServer.net.domain:  51794 MX? MyDomain.com. (29)(DF)
14:40:09.411707 212.26.72.85.34997 > ns.MyNameServer.net.domain:  14233 A? MyDomain.com. (29) (DF)
14:40:09.415880 212.26.72.85.34997 > ns.MyNameServer.net.domain:  39317 MX? MyDomain.com. (29) (DF)
14:40:09.419827 212.26.72.85.34997 > ns.MyNameServer.net.domain:  49503 A? MyDomain.com. (29) (DF)
14:40:09.423700 212.26.72.85.34997 > ns.MyNameServer.net.domain:  29362 A? MyDomain.com. (29) (DF)
14:40:09.426963 212.26.72.85.34997 > ns.MyNameServer.net.domain:  16692 A? MyDomain.com. (29) (DF)
14:40:09.430590 212.26.72.85.34997 > ns.MyNameServer.net.domain:  65288 A? MyDomain.com. (29) (DF)
14:40:09.434350 212.26.72.85.34997 > ns.MyNameServer.net.domain:  1341 A? MyDomain.com. (29) (DF)
14:40:09.438163 212.26.72.85.34997 > ns.MyNameServer.net.domain:  57932 A? MyDomain.com. (29) (DF)
---

-aljuhani
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20050511/2f6ac254/attachment.html>

More information about the NANOG mailing list