We're rate limiting it now, but it's definitely bad behavior. When I open the flood gates, over a 5-min sample from a single host I received well over 61,000 queries. The size of the records being requested cause this to be an (unintended) amplification attack, as a 30Mbps inbound sum is getting amplified to 150-200Mbps outbound.
On Thu, Oct 13, 2016 at 7:52 PM, Josh Reynolds <[email protected]> wrote: > Same here :) > > On Oct 13, 2016 1:09 PM, "Ryan, Spencer" <[email protected]> wrote: > >> I was going to point you to the reddit thread about it, but it looks to >> be your thread :) >> >> >> Spencer Ryan | Senior Systems Administrator | [email protected]<mailto: >> [email protected]> >> Arbor Networks >> +1.734.794.5033 (d) | +1.734.846.2053 (m) >> www.arbornetworks.com<http://www.arbornetworks.com/> >> >> >> ________________________________ >> From: NANOG <[email protected]> on behalf of Eamon Bauman < >> [email protected]> >> Sent: Thursday, October 13, 2016 10:26:57 AM >> To: [email protected] >> Subject: Excessive Netflix DNS Traffic? >> >> Hi all, >> >> Is anyone seeing excessive DNS traffic from game consoles (Xbox One, PS4) >> running Netflix? Starting 9/29 we have been seeing significant volume of >> DNS traffic from game consoles on our campus to our caching recursive >> boxes. Logs show repeated requests for api-global.netflix.com and >> nrdp.nccp.netflix.com. >> >> Anyone else experiencing this? >> >> Eamon >> >
