Hello List.

We have one domain set up on our server DNS, but there is no website or email configured.

Recently we've noticed some increase in server bandwidth usage, and after using tcpdump we were able to find the problem, which is a DNS server on the Internet sending many queries per second to resolve MX, A records for that domain, which is not existing of course, but it keeps asking.

One way was to block requests from that DNS IP, but that was not practical, as many users on that DNS won't be able to communicate with our server.

So what is the best way to prevent DNS queries consuming bandwidth?

tcpdump output extract:

14:40:09.407336 212.26.72.85.34997 > ns.MyNameServer.net.domain: 51794 MX? MyDomain.com. (29) (DF)
14:40:09.411707 212.26.72.85.34997 > ns.MyNameServer.net.domain: 14233 A? MyDomain.com. (29) (DF)
14:40:09.415880 212.26.72.85.34997 > ns.MyNameServer.net.domain: 39317 MX? MyDomain.com. (29) (DF)
14:40:09.419827 212.26.72.85.34997 > ns.MyNameServer.net.domain: 49503 A? MyDomain.com. (29) (DF)
14:40:09.423700 212.26.72.85.34997 > ns.MyNameServer.net.domain: 29362 A? MyDomain.com. (29) (DF)
14:40:09.426963 212.26.72.85.34997 > ns.MyNameServer.net.domain: 16692 A? MyDomain.com. (29) (DF)
14:40:09.430590 212.26.72.85.34997 > ns.MyNameServer.net.domain: 65288 A? MyDomain.com. (29) (DF)
14:40:09.434350 212.26.72.85.34997 > ns.MyNameServer.net.domain: 1341 A? MyDomain.com. (29) (DF)
14:40:09.438163 212.26.72.85.34997 > ns.MyNameServer.net.domain: 57932 A? MyDomain.com. (29) (DF)

---
-aljuhani
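
Added example, not part of the original post: a small Python script that turns a tcpdump extract like the one above into a per-source summary (query count, queries per second, record types, names asked for), which is the measurement needed before choosing between a block and a rate limit. The `summarize` function and the regular expression are this example's own; the sample input is the extract from the post with the wrapped lines rejoined.

```python
import re
from collections import Counter, defaultdict

# Sample input: the tcpdump extract from the post, wrapped lines rejoined.
SAMPLE = """\
14:40:09.407336 212.26.72.85.34997 > ns.MyNameServer.net.domain: 51794 MX? MyDomain.com. (29) (DF)
14:40:09.411707 212.26.72.85.34997 > ns.MyNameServer.net.domain: 14233 A? MyDomain.com. (29) (DF)
14:40:09.415880 212.26.72.85.34997 > ns.MyNameServer.net.domain: 39317 MX? MyDomain.com. (29) (DF)
14:40:09.419827 212.26.72.85.34997 > ns.MyNameServer.net.domain: 49503 A? MyDomain.com. (29) (DF)
14:40:09.423700 212.26.72.85.34997 > ns.MyNameServer.net.domain: 29362 A? MyDomain.com. (29) (DF)
14:40:09.426963 212.26.72.85.34997 > ns.MyNameServer.net.domain: 16692 A? MyDomain.com. (29) (DF)
14:40:09.430590 212.26.72.85.34997 > ns.MyNameServer.net.domain: 65288 A? MyDomain.com. (29) (DF)
14:40:09.434350 212.26.72.85.34997 > ns.MyNameServer.net.domain: 1341 A? MyDomain.com. (29) (DF)
14:40:09.438163 212.26.72.85.34997 > ns.MyNameServer.net.domain: 57932 A? MyDomain.com. (29) (DF)
"""

# One DNS query line: time, src-ip.port, '>', destination, query id, TYPE?, name
LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) (\d+\.\d+\.\d+\.\d+)\.(\d+) > \S+: "
    r"(\d+)\+? ([A-Z0-9]+)\? (\S+)"
)

def summarize(text):
    """Return {source_ip: stats} for the DNS queries found in tcpdump text."""
    seen = defaultdict(lambda: {"times": [], "types": Counter(), "names": Counter()})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a DNS query line in the expected layout
        h, mi, s, src, _port, _qid, qtype, qname = m.groups()
        rec = seen[src]
        rec["times"].append(int(h) * 3600 + int(mi) * 60 + float(s))
        rec["types"][qtype] += 1
        rec["names"][qname.lower()] += 1  # DNS names are case-insensitive
    report = {}
    for src, rec in seen.items():
        span = max(rec["times"]) - min(rec["times"])
        n = len(rec["times"])
        # Intervals per second over the observed window; 0.0 for a single packet.
        rate = (n - 1) / span if span > 0 else 0.0
        report[src] = {"queries": n, "qps": rate,
                       "types": dict(rec["types"]), "names": dict(rec["names"])}
    return report

if __name__ == "__main__":
    for src, r in summarize(SAMPLE).items():
        print(f"{src}: {r['queries']} queries, {r['qps']:.0f}/s, {r['types']}")
```

The timestamps carry no date, so a capture that crosses midnight needs to be split before it is summarized.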