Educause Security Discussion mailing list archives
DNS query storm
From: Jim Bollinger <JBollinger () WLU EDU>
Date: Thu, 21 Apr 2005 15:05:26 -0400
Our DNS servers are seeing high levels of traffic from student machines. They make 8 consecutive queries that look for A records (not PTR) whose name is a legitimate IP address on our network. As in, "give me the IP address of the machine whose name is 137.113.19.120". So they are all invalid queries, because there is no NAME in our forward DNS zone matching the IP address in the queries. We don't yet have a handle on how many machines are doing this, but they seem to all be student machines. Any ideas what this is, some application? Also, approaches to troubleshooting would be appreciated. Thanks, Jim Jim Bollinger Systems and Network Engineer Washington and Lee University Lexington, VA 24450 540-458-8743 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- DNS query storm Jim Bollinger (Apr 21)