We have seen it as well. In our cases it is all TCP DNS traffic as well. Velocity Online 850-205-4638 On Fri, Oct 14, 2016 at 11:43 AM, Eamon Bauman <eamon@eamonbauman.com> wrote:
We're rate limiting it now, but it's definitely bad behavior. When I open the flood gates, over a 5-min sample from a single host I received well over 61,000 queries. The size of the records being requested cause this to be an (unintended) amplification attack, as a 30Mbps inbound sum is getting amplified to 150-200Mbps outbound.
On Thu, Oct 13, 2016 at 7:52 PM, Josh Reynolds <josh@kyneticwifi.com> wrote:
Same here :)
On Oct 13, 2016 1:09 PM, "Ryan, Spencer" <sryan@arbor.net> wrote:
I was going to point you to the reddit thread about it, but it looks to be your thread :)
Spencer Ryan | Senior Systems Administrator | sryan@arbor.net<mailto: sryan@arbor.net> Arbor Networks +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com<http://www.arbornetworks.com/>
________________________________ From: NANOG <nanog-bounces@nanog.org> on behalf of Eamon Bauman < eamon@eamonbauman.com> Sent: Thursday, October 13, 2016 10:26:57 AM To: nanog@nanog.org Subject: Excessive Netflix DNS Traffic?
Hi all,
Is anyone seeing excessive DNS traffic from game consoles (Xbox One, PS4) running Netflix? Starting 9/29 we have been seeing significant volume of DNS traffic from game consoles on our campus to our caching recursive boxes. Logs show repeated requests for api-global.netflix.com and nrdp.nccp.netflix.com.
Anyone else experiencing this?
Eamon