On Mon, May 9, 2022 at 7:27 PM Fred Morris <m3...@m3047.net> wrote:

> On Mon, 9 May 2022, Alex K wrote:
> > [...]
> > The problem now is that I sometimes see 700MB of DNS traffic for 2GB of
> > Internet browsing within one month.
>
> That's an eyebrow raiser. Tunneling, antivirus (or some other database
> using DNS as a key+value store), CDN? IoT fleet? Then comes the inevitable
> "...or traffic you don't want".
>
> Not clear on where the expensive link sits (between the caching resolver
> and clients, or between the caching resolver and the rest of the
> internet). Not sure what you're able to do politically or where things
> like privacy or "net neutrality" come into play, but it does seem to me
> that not burning precious bandwidth for ads might be a value-added
> service... if they're really watching cat videos.
>
The setup is: edge device, where a caching DNS server runs and where the
users are serviced -> satellite -> upstream DNS servers, which can be either
public ones or my second level of caching DNS server, depending on the
setup. The expensive link is from the edge device to the next hop, which is
through satellite and, depending on the satellite type, may have a low
allowance on the monthly traffic (4GB to 8GB max).

>
> I second the comment that Dnstap might be your best friend.
>
> There are technical considerations, but I think generally this is veering
> into the realm of what's possible (which is seldom actually technical);
> this includes your means and ability to analyze the DNS traffic. If you
> want to discuss further feel free to email me.
>
Thanks for all the feedback. I will need to drill down and see what kind of
DNS traffic that is, then perhaps implement some more secure firewalling
(find a way to block VPN over DNS) and rate limiting.
I was also thinking of perhaps having a preloaded RPZ list that will block
malware domains at the caching DNS server at the edge.

> --
>
> Fred Morris, internet plumber
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
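Added example, not part of the thread or of BIND: one way to "drill down" on the DNS traffic discussed above, assuming query logging is enabled on the edge resolver. The log lines are constructed, the thresholds are arbitrary starting points, and `parent_zone` naively takes the last two labels instead of consulting the Public Suffix List.

```python
import re
from collections import defaultdict

# Constructed sample in BIND 9 query-log format (not data from the thread):
# 4 repeats of one cacheable name, then 4 unique long names under one zone.
FMT = ("09-May-2022 10:00:0{i}.000 client @0x7f01 {ip}#4000{i} ({q}): "
       "query: {q} IN {t} +E(0)K (10.0.0.1)")
SAMPLE_LOG = "\n".join(
    [FMT.format(i=i, ip="10.0.0.5", q="www.example.com", t="A") for i in range(4)]
    + [FMT.format(i=i, ip="10.0.0.9", t="TXT",
                  q=f"000{i}a1b2c3d4e5f6a7b8c9d0e1f2a3b4.t.example.net")
       for i in range(4, 8)])

LINE_RE = re.compile(r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
                     r"\(\S+\): query: (?P<qname>\S+) IN ")

def parent_zone(qname, labels=2):
    # Assumption: last two labels approximate the registered domain.
    return ".".join(qname.rstrip(".").lower().split(".")[-labels:])

def summarize(log_text):
    """Aggregate per parent zone: query count, unique names, name bytes, clients."""
    stats = defaultdict(lambda: {"queries": 0, "names": set(),
                                 "name_bytes": 0, "clients": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a query-log line
        s = stats[parent_zone(m["qname"])]
        s["queries"] += 1
        s["names"].add(m["qname"].lower())
        s["name_bytes"] += len(m["qname"])  # proxy only: the log has no sizes
        s["clients"].add(m["ip"])
    return stats

def suspects(stats, min_queries=4, min_unique_ratio=0.9, min_avg_len=40):
    """Zones where nearly every query name is new and long, so the cache
    never helps: the pattern tunnels and DNS key+value lookups produce."""
    flagged = []
    for zone, s in stats.items():
        unique_ratio = len(s["names"]) / s["queries"]
        avg_len = s["name_bytes"] / s["queries"]
        if (s["queries"] >= min_queries and unique_ratio >= min_unique_ratio
                and avg_len >= min_avg_len):
            flagged.append(zone)
    return sorted(flagged)

if __name__ == "__main__":
    print(suspects(summarize(SAMPLE_LOG)))
```

The query log carries no message sizes, so name length is only a stand-in for bytes on the satellite link; dnstap, as suggested in the thread, captures the actual messages.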