dns hits / 212.5.128/19 going wild

["JP Donnio" <ml-nanog () TBS-internet com>]

I am seeing a somewhat similar problem with my name server. It is configured
not to recurse queries except for our network. Since I enabled this feature,
I noticed we receive numerous requests from unauthorized hosts. It seems all
the unauthorized queries are MX requests for AOL.COM. Here's a sample
rejection log:

25-Apr-2000 12:21:48.647 security: unapproved recursive query from
[212.5.135.39].2091 for aol.com

and below the number of his for the last 4 days. Notice the 250,000 requests
from 212.5.135.39 That's really abusive and I have blackholed 212.5.128/19
for the moment.

   1424 192.92.129.3
   1332 193.200.17.87
    516 193.68.3.250
    399 208.226.167.19
     70 212.5.133.129
    635 212.5.135.16
 250292 212.5.135.39
     57 212.5.139.65
   1286 212.5.159.42
     28 212.5.159.53
     71 212.56.18.66
     58 212.91.173.60
   1992 63.192.247.53

Now I do not understand why we are getting those hits. Our nameserver
(207.153.200.35) is not an aol.com secondary and has never been.

Does anyone have a clue?

JP

Attachment: smime.p7s
Description: