Educause Security Discussion mailing list archives

DNS query storm


From: Jim Bollinger <JBollinger () WLU EDU>
Date: Thu, 21 Apr 2005 15:05:26 -0400

Our DNS servers are seeing high levels of traffic from student machines.
They make 8 consecutive queries that look for A records (not PTR) whose
name is a legitimate IP address on our network. As in, "give me the IP
address of the machine whose name is 137.113.19.120".

So they are all invalid queries, because there is no NAME in our
forward DNS zone matching the IP address in the queries.

We don't yet have a handle on how many machines are doing this, but
they seem to all be student machines.

Any ideas what this is, some application? Also, approaches to
troubleshooting would be appreciated.

Thanks, Jim

Jim Bollinger
Systems and Network Engineer
Washington and Lee University
Lexington, VA 24450
540-458-8743

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.
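Added example, not part of the original post: one way to find which clients are sending the A queries described above, by scanning a DNS query log for A-record questions whose name is a bare IPv4 address inside the campus range. The BIND-style log layout, the 137.113.0.0/16 prefix, the client addresses and the sample lines are assumptions constructed for illustration; the threshold of 8 mirrors the count given in the post.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed BIND-style query-log layout; adjust the regex to your server's format.
QUERY_RE = re.compile(
    r"client (?P<client>[0-9.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")
CAMPUS_NET = "137.113.0.0/16"  # assumption: prefix containing the post's address

# Constructed sample lines, not real traffic.
_T = "21-Apr-2005 15:05:20.000 client "
SAMPLE_LOG = (
    [_T + "192.0.2.10#1031: query: 137.113.19.120 IN A +"] * 8
    + [_T + "192.0.2.11#1040: query: 120.19.113.137.in-addr.arpa IN PTR +",
       _T + "192.0.2.11#1041: query: www.example.edu IN A +",
       _T + "192.0.2.12#1050: query: 137.113.19.121. IN A +",
       _T + "192.0.2.12#1051: query: 137.113.19.121 IN A +",
       _T + "192.0.2.12#1052: query: 198.51.100.7 IN A +"])


def ip_literal(qname):
    """Return the IPv4Address if qname is a bare dotted quad, else None."""
    name = qname.rstrip(".")
    if not re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", name):
        return None
    try:
        return ipaddress.IPv4Address(name)
    except ValueError:  # e.g. an octet above 255
        return None


def find_offenders(lines, campus_net=CAMPUS_NET, threshold=8):
    """Map client -> IP-literal A queries, for clients at or above threshold."""
    net = ipaddress.ip_network(campus_net)
    hits = defaultdict(list)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m or m["qtype"] != "A":  # PTR and other types are not the pattern
            continue
        addr = ip_literal(m["qname"])
        if addr is not None and addr in net:
            hits[m["client"]].append(str(addr))
    return {c: q for c, q in hits.items() if len(q) >= threshold}


if __name__ == "__main__":
    for client, names in sorted(find_offenders(SAMPLE_LOG).items()):
        print(f"{client}: {len(names)} A queries for IP-literal names")
```

The per-client list that comes back gives a starting point for deciding which machines to inspect for a common application.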
