For a few years I ran my own public DNS server. I liked it: great experience, I could easily connect all my hosts to a central and fast DNS, I avoided all those nasty ISPs who filter their DNS, and it was fast (not Google fast, but fast — I actually think Google DNS hadn’t even launched when I set it up).
After a good year or so, they started using the DNS server to DDoS others (spoofed UDP DNS requests). That’s annoying… It hit like 5k or so requests per minute… That wasn’t really fine, but I didn’t care much until I saw the traffic it ended up generating… Then I started to null route most IPs sending bogus DNS requests (spamming ripe.net or isc.org)… That usually worked, and for a long time I didn’t get any more DDoS… Until, apparently, recently.
And 5 to 10k I can accept… But 120k is over the limit.
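The post describes picking out the sources that flood the resolver with bogus queries (ANY for ripe.net or isc.org, the classic amplification pattern) and null routing them. The following is an added example, not code from the original post: it parses lines in the shape of BIND's "queries" log category, counts amplification-style queries per source address, and lists the addresses that cross a threshold together with the blackhole route the post's approach would add. The log lines are constructed, and the threshold and the list of abused names are assumptions.

```python
"""
Spot amplification abuse in BIND query logs and list null-route candidates.

Added example, not code from the original post. The log lines are
constructed to follow the shape of BIND's "queries" log category; the
threshold and the set of abused names are assumptions for this example.
"""
import re
from collections import Counter

# Names the post says were being queried; ANY queries for them return large
# answers, which is what makes them useful for amplification. The set itself
# is an assumption for this example.
AMPLIFICATION_NAMES = {"ripe.net", "isc.org"}

# Matches a BIND query log line such as:
#   17-Mar-2013 10:21:33.000 client 192.0.2.10#4321: query: ripe.net IN ANY +E
QUERY_RE = re.compile(
    r"client (?P<src>[0-9a-fA-F.:]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\S+)"
)


def parse_query_line(line):
    """Return (source_ip, qname, qtype) for a query log line, or None."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    # BIND logs the name without a trailing dot, but normalise anyway.
    name = m.group("name").rstrip(".").lower()
    return m.group("src"), name, m.group("qtype").upper()


def suspicious_sources(lines, threshold=100):
    """
    Count, per source address, queries that look like amplification traffic
    (QTYPE ANY for one of the abused names) and return (address, count) for
    every address reaching the threshold, most active first.
    """
    counts = Counter()
    for line in lines:
        parsed = parse_query_line(line)
        if parsed is None:
            continue
        src, name, qtype = parsed
        if qtype == "ANY" and name in AMPLIFICATION_NAMES:
            counts[src] += 1
    return [(src, n) for src, n in counts.most_common() if n >= threshold]


def null_route_commands(sources):
    """Blackhole route for each flagged address (Linux iproute2 syntax)."""
    return [f"ip route add blackhole {src}" for src, _ in sources]


def _line(src, name, qtype, i):
    # Constructed line in the shape of BIND's "queries" log category.
    return (f"17-Mar-2013 10:21:{i % 60:02d}.000 client {src}#{30000 + i}: "
            f"query: {name} IN {qtype} +E")


# Constructed sample: two flooding sources, one normal client that also sent
# a single ANY query, and one unrelated non-query log line.
SAMPLE_LOG = (
    [_line("203.0.113.5", "ripe.net", "ANY", i) for i in range(150)]
    + [_line("198.51.100.7", "isc.org", "ANY", i) for i in range(120)]
    + [_line("192.0.2.10", "example.com", "A", i) for i in range(5)]
    + [_line("192.0.2.10", "ripe.net", "ANY", 0)]
    + ["17-Mar-2013 10:22:00.000 zone example.com/IN: loaded serial 2013031701"]
)


if __name__ == "__main__":
    flagged = suspicious_sources(SAMPLE_LOG, threshold=100)
    for src, n in flagged:
        print(f"{src}: {n} amplification-style queries")
    for cmd in null_route_commands(flagged):
        print(cmd)
```

One caveat worth keeping in mind when reading the output: in a reflection attack the "source" address is the spoofed victim, so a blackhole route for it stops the resolver from sending amplified answers to that victim rather than blocking the real attacker. The same script can therefore also serve as a measure of how much reflected traffic the resolver has been emitting. Restricting recursion to known clients or enabling BIND's response rate limiting addresses the problem for every victim at once.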
So, as of today I’m sunsetting my public DNS. Goodbye and thank you for all the fish.
I log the queries:
vm1 /etc/bind # vnstat -m eth0

 eth0  /  monthly

       month        rx      |     tx      |    total    |   avg. rate
    ------------------------+-------------+-------------+---------------
      Apr '12     44.04 GiB |   40.75 GiB |   84.79 GiB |  274.41 kbit/s
      May '12    108.58 GiB |   55.41 GiB |  163.99 GiB |  513.60 kbit/s
      Jun '12    150.30 GiB |   83.51 GiB |  233.81 GiB |  756.69 kbit/s
      Jul '12    240.42 GiB |  958.60 GiB |    1.17 TiB |    3.76 Mbit/s
      Aug '12    197.44 GiB |  745.38 GiB |  942.82 GiB |    2.95 Mbit/s
      Sep '12    182.99 GiB |  627.62 GiB |  810.61 GiB |    2.62 Mbit/s
      Oct '12    135.67 GiB |  431.33 GiB |  567.00 GiB |    1.78 Mbit/s
      Nov '12     93.75 GiB |  592.49 GiB |  686.24 GiB |    2.22 Mbit/s
      Dec '12    118.53 GiB |   68.36 GiB |  186.90 GiB |  585.35 kbit/s
      Jan '13     83.30 GiB |  159.82 GiB |  243.12 GiB |  761.43 kbit/s
      Feb '13     44.15 GiB |  187.99 GiB |  232.13 GiB |  804.93 kbit/s
      Mar '13     51.60 GiB |  532.81 GiB |  584.41 GiB |    4.04 Mbit/s
    ------------------------+-------------+-------------+---------------
    estimated    113.87 GiB |    1.15 TiB |    1.26 TiB |