[GLLUG] Failing DNS queries

Tim Woodall t at woodall.me.uk
Sat Jan 9 00:59:20 UTC 2021 

I'm getting a lot of dns queries that are (correctly) being refused.

       2   73.74.74.8 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
       3   24.51.114.75 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
       5   75.74.75.75 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
      20   47.33.153.17 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
      22   98.255.163.109 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
      25   162.144.50.35 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
      28   100.16.208.90 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
      31   3.239.138.250 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
      38   74.74.74.9 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
      69   185.236.201.140 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
      80   67.186.81.99 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
      82   138.128.138.146 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
      86   108.49.177.17 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
     112   173.24.45.165 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
     121   3.138.246.95 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
     133   78.2.12.185 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
     148   31.215.87.14 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
     153   75.181.6.66 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
     208   184.51.146.184 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
     236   104.238.163.81 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
     286   154.3.250.71 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144
     359   173.231.186.139 (.): view external: query failed (REFUSED) for ./IN/ANY at ../../../bin/named/query.c:7144

Thats in the first half hour of today.

It's not really causing me a problem (so far) - although I might look at
ratelimiting the queries to a few a day at the firewall. But is this
some sort of DNS amplification that I've not heard of and do I need to
do something different?

Roughly 5000 queries last week, 1000 the week before, just two the week
before that but 140k queries this week like this.

This is the secondary server. The primary saw similar ramp up but I've
only seen 5000 this week

Tim.

More information about the GLLUG mailing list