We're rate limiting it now, but it's definitely bad behavior. When I open the flood gates, over a 5-min sample from a single host I received well over 61,000 queries. The size of the records being requested cause this to be an (unintended) amplification attack, as a 30Mbps inbound sum is getting amplified to 150-200Mbps outbound.
On Thu, Oct 13, 2016 at 7:52 PM, Josh Reynolds <j...@kyneticwifi.com> wrote: > Same here :) > > On Oct 13, 2016 1:09 PM, "Ryan, Spencer" <sr...@arbor.net> wrote: > >> I was going to point you to the reddit thread about it, but it looks to >> be your thread :) >> >> >> Spencer Ryan | Senior Systems Administrator | sr...@arbor.net<mailto: >> sr...@arbor.net> >> Arbor Networks >> +1.734.794.5033 (d) | +1.734.846.2053 (m) >> www.arbornetworks.com<http://www.arbornetworks.com/> >> >> >> ________________________________ >> From: NANOG <nanog-boun...@nanog.org> on behalf of Eamon Bauman < >> ea...@eamonbauman.com> >> Sent: Thursday, October 13, 2016 10:26:57 AM >> To: nanog@nanog.org >> Subject: Excessive Netflix DNS Traffic? >> >> Hi all, >> >> Is anyone seeing excessive DNS traffic from game consoles (Xbox One, PS4) >> running Netflix? Starting 9/29 we have been seeing significant volume of >> DNS traffic from game consoles on our campus to our caching recursive >> boxes. Logs show repeated requests for api-global.netflix.com and >> nrdp.nccp.netflix.com. >> >> Anyone else experiencing this? >> >> Eamon >> >