Koozali.org: home of the SME Server

[Solved] Excessive DNS Requests?

Offline smiit

[Solved] Excessive DNS Requests?
« on: May 05, 2009, 06:21:04 PM »
I received a message from my ISP's abuse department yesterday complaining of excessive DNS requests.  Never had a complaint from them in the 5 years we've been running SME.

Any suggestions on how I might analyze network traffic to figure out what's going on?

Should I concentrate on UDP 53 traffic or could it be any sort of rogue mail worm causing trouble on various ports?

Thanks in advance if anyone has any tips or usage examples using tcpdump, iptraf or nmap.


« Last Edit: May 06, 2009, 03:19:01 PM by smiit »

Offline cactus

Re: Excessive DNS Requests?
« Reply #1 on: May 05, 2009, 07:13:34 PM »
AFAIK SME Server does its own name resolution for itself and its configured networks unless you have set an external DNS server through the admin console. Perhaps they are referring to that type of traffic?

Offline smiit

Re: [Solved] Excessive DNS Requests?
« Reply #2 on: May 06, 2009, 03:21:05 PM »
Just received an e-mail from the ISP - an error on their end kicked out the abuse warning - they now claim customers have outdated firmware on their provided routers and/or there still may be a rogue client machine flooding spam around.

Offline thomasch

Re: [Solved] Excessive DNS Requests?
« Reply #3 on: May 07, 2009, 08:33:41 AM »
I've seen a DNS Flood Alert in my ADSL router when SME Server is querying a list of DNS servers out there (hundreds). Maybe this is the kind of request that alerts your ISP for 'excessive DNS requests'. Nothing to worry about though. This is by design.

thomas
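
Added example, not part of the original thread or of SME Server: one way to answer the opening post's question about UDP 53 traffic, and to check the observation in reply #3 that the server itself queries many DNS servers, is to tally queries from `tcpdump -nn` output per asking host, per resolver, or per name. The function names, the interface name `eth0` and every address below are assumptions; the sample capture is constructed.

```shell
# Summarise DNS queries from `tcpdump -nn` text output read on stdin.
# Live use on the gateway (interface name eth0 is an assumption):
#   tcpdump -nn -l -i eth0 -c 5000 'udp port 53' | dns_summary src
# Modes: src = queries per asking host, dst = queries per resolver,
#        name = queries per looked-up name. IPv4 lines only.
dns_summary() {
  mode="${1:-src}"
  awk -v mode="$mode" '
    $2 == "IP" && $4 == ">" {
      src = $3; dst = $5
      sub(/:$/, "", dst)                    # tcpdump prints "addr.port:"
      dport = dst; sub(/.*\./, "", dport)   # last dotted field is the port
      if (dport != "53") next               # replies go to a client port
      sub(/\.[0-9]+$/, "", src)             # strip port, keep bare address
      sub(/\.[0-9]+$/, "", dst)
      qname = ""
      for (i = 6; i < NF; i++)              # query type ends in "?" (A?, MX?)
        if ($i ~ /\?$/) { qname = $(i + 1); break }
      if (qname == "") next                 # no question token: not a query
      if (mode == "dst") key = dst
      else if (mode == "name") key = qname
      else key = src
      count[key]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
  ' | sort -k1,1nr -k2,2
}

# Constructed sample capture (documentation addresses, no real network):
# 192.168.1.10 is a LAN client, 192.168.1.1 stands in for the server.
sample_capture() {
  cat <<'EOF'
15:21:04.100001 IP 192.168.1.10.53211 > 192.168.1.1.53: 4660+ A? example.com. (29)
15:21:04.100950 IP 192.168.1.1.40112 > 192.0.2.53.53: 8123 [1au] A? example.com. (40)
15:21:04.131200 IP 192.0.2.53.53 > 192.168.1.1.40112: 8123- 0/13/14 (512)
15:21:04.131900 IP 192.168.1.1.40113 > 198.51.100.7.53: 8124 A? example.com. (29)
15:21:04.160100 IP 198.51.100.7.53 > 192.168.1.1.40113: 8124*- 1/0/0 A 203.0.113.80 (45)
15:21:04.160800 IP 192.168.1.1.53 > 192.168.1.10.53211: 4660 1/0/0 A 203.0.113.80 (45)
15:21:05.000100 IP 192.168.1.1.40114 > 192.0.2.53.53: 8125 MX? example.org. (29)
EOF
}
```

Running `sample_capture | dns_summary dst` shows how many distinct resolvers the queries fan out to; a single LAN address dominating the `src` output points at one client rather than the server.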