On Thu, 1 Feb 2007, Trent Lloyd wrote:
<snip>
The only way for it not to arrive at the name server is for something in the way to block it. Perhaps a transparent filter, or perhaps the IP addresses of the "name servers" are your firewalls, which will block and pass the rest on to the real name servers behind them.
The problem here is, most people that have experiences this problem, are significantly overwhelmed with traffic of people so much as trying to do a lookup, even if you firewall it you are still going to get an array of queries.
In some cases, also, firewalling these queries makes it worse as servers will query multiple times, where as if you give a response with a large TTL they will go away. But then you have to have enough server power to handle these queries (and outbound bandwidth to match).
I don't know how much of an impact there is in this case but I know of other people who've had this exact same problem and the traffic load of the attempted queries was immense.
We can discuss this forever. Paul can either maintain the service until he is sick of it, and hope they go away - or kick it. He waited long enough that even if we don't agree, hopefully non of us will have arguments with him. Depending on time investment issues, contacting some of the big hitters and seeing why they hit him may be interesting and may help stop a lot of these. Some generic emails to the hitters may also be an over-kill, but would satisfy some of the prettier souls among us. Gadi.