DNS is in motion
This is what recursive DNS looks like these days.
It seems some people eventually break things by updating their authoriative Servers hence the Server Failure responses and then there are these suspicious NXDOMAIN spikes. I was not yet able to pinpoint who asks what there but those could very well be spoofing attempts coming from our clients.
Not that they had any chance of succeeding we’re running PowerDNS recursor and have uRPF is deployed on everything ingres, so no spoofing there.
Add post to:
Comments
Damnit, need to comment on my own blog again. ;-)
So, on second thought, malicious folks could inject spoofed packets to our recursors from the outside, that is via BGP4+ peerings or upstream connectivity, now however via their adsl or modem lines because they are filtered.