nanog mailing list archives

Re: DNS requests and Bandwidth


From: Will Yardley <nanog () veggiechinese net>
Date: Wed, 11 May 2005 10:33:26 -0700


On Wed, May 11, 2005 at 07:30:35PM +0300, aljuhani wrote:
> 
> Recently we've noticed some increase in server bandwidth usage
> and after using tcpdump, we were able to find the problem which
> is a DNS server on the Internet sending many queries per second
> to resolve MX, A records for that domain which does not exist of
> course but it keeps asking.
> 
> One way was to block requests from that DNS IP but that was not
> practical as many users on that DNS won't be able to communicate with
> our server.
> 
> So what is the best way to prevent DNS queries from consuming bandwidth?

Stop running a DNS server?

All joking aside, I've seen similar problems in cases where there's a
lame delegation (with certain clients asking over and over for the same
records).
 
If "mydomain.com" is a domain which is pointed to your nameserver from
the authoritative servers for that TLD, but which your nameserver is not
authoritative for, you may want to set up a dummy zone.

> tcpdump output extract:
> 
> 14:40:09.407336 212.26.72.85.34997 > ns.MyNameServer.net.domain:  51794 MX? MyDomain.com. (29)(DF)
> 14:40:09.411707 212.26.72.85.34997 > ns.MyNameServer.net.domain:  14233 A? MyDomain.com. (29) (DF)

If your domains aren't "mynameserver.net" or "mydomain.com", perhaps
you'd get a more helpful response by including the actual hostnames /
domains in question? You don't gain much by stripping this information,
and it's much easier for people to figure out what might be going on if
you include the actual domain(s). I'm assuming that if you're running a
publicly accessible nameserver which is serving names for these domains,
it's probably not sooper sekrit information.

Also, if you MUST use a bogus domain, at least use a bogus domain
reserved for that purpose (like example.com) or something ending in
".invalid".

w
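The tcpdump extract quoted above shows the pattern Will describes: one source re-asking the same two questions over and over. As an added example that is not part of the thread, here is a small Python script that parses lines in that tcpdump summary format, groups queries per source IP, flags sources that keep asking for a single name, and estimates the bytes they put on the wire so the bandwidth cost can be judged; the 198.51.100.7 client and the repeated 20-query burst are constructed sample data, and the per-packet header overhead is an assumed Ethernet/IPv4/UDP figure.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Classic tcpdump DNS query summary line, in the format quoted in the thread, e.g.
# 14:40:09.407336 212.26.72.85.34997 > ns.MyNameServer.net.domain:  51794 MX? MyDomain.com. (29)(DF)
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\S+?)\.(?P<dport>\w+):\s+(?P<qid>\d+)\+?\s+(?P<qtype>[A-Z0-9]+)\?\s+"
    r"(?P<qname>\S+)\s+\((?P<length>\d+)\)"
)
HEADER_BYTES = 14 + 20 + 8  # assumed Ethernet + IPv4 + UDP headers carried around each DNS payload

def parse_line(line):
    """Parse one tcpdump DNS query line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%H:%M:%S.%f")  # time of day only, as tcpdump prints it
    rec["length"] = int(rec["length"])
    rec["qname"] = rec["qname"].rstrip(".").lower()
    return rec

def find_repeat_queriers(lines, min_queries=10, min_share=0.8):
    """Return {src_ip: summary} for sources that sent at least min_queries queries with at
    least min_share of them for one single name (the keeps-asking pattern from the thread)."""
    by_src = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        by_src[rec["src"]].append(rec)
    report = {}
    for src, recs in by_src.items():
        top_name, top_count = Counter(r["qname"] for r in recs).most_common(1)[0]
        if len(recs) < min_queries or top_count / len(recs) < min_share:
            continue
        span = (recs[-1]["ts"] - recs[0]["ts"]).total_seconds() or 1e-6  # guard a same-instant burst
        report[src] = {"queries": len(recs), "qname": top_name, "qps": round(len(recs) / span, 1),
                       "wire_bytes": sum(r["length"] + HEADER_BYTES for r in recs)}
    return report

# Constructed sample capture (not from the thread): 20 alternating MX/A queries for one name
# within 1.9 s from 212.26.72.85, plus two ordinary queries from a second client.
SAMPLE = [f"14:40:{9 + i // 10:02d}.{(i % 10) * 100000:06d} 212.26.72.85.{34997 + i} > "
          f"ns.MyNameServer.net.domain:  {51794 + i} {'MX' if i % 2 == 0 else 'A'}? MyDomain.com. (29)(DF)"
          for i in range(20)]
SAMPLE += ["14:40:10.500000 198.51.100.7.5353 > ns.MyNameServer.net.domain:  700+ A? www.example.com. (33)",
           "14:40:11.100000 198.51.100.7.5354 > ns.MyNameServer.net.domain:  701+ MX? example.com. (29)"]
if __name__ == "__main__":
    for src, info in find_repeat_queriers(SAMPLE).items():
        print(src, info)
```

Feed it real `tcpdump -n port 53` output and the flagged sources are the resolvers worth checking for a lame delegation or a dummy-zone fix, as opposed to blocking them outright.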
