Domain under heavy query load for no reason (1+mil queries per minute)

I have a domain that is country specific that could technically be considered a second-level domain, in October I started having close to a million queries every day and was forced to move to Cloud Flare as I hit my monthly quote at DNS Made Easy in a few days. This is a domain with no website other then a blank page and at most gets 50-60 visits a day.

All the queries are random looking and hitting what looks like generated subdomains at *.domain.tld from different countries. I did add a catch all *.domain.tld to 127.0.0.1 but doesn’t look like it’s helping.

Today at 3:17am (EDT) it hit close to 533k queries, at 3:18 1.3 million queries per minute and 1.26 million queries at 3:19 and then it slowed down to about 1+k per minute.

Any ideas what are my options? most likely a misconfig somewhere at big ISP or some very popular software that has messed up something.

What kind of Website it is? Is it news Website or?
Do you have some caching setup at your host/origin or at Cloudflare dashboard?
Do you have some security and which settings enabled at Cloudflare dashboard for your Website?
Could you be under an DDoS?

From your screenshot, I see NXDOMAIN.

I have a news Website, and in last 24 hours got this:

Not really anything you need to do. We consistently do approximately 8.5 million DNS queries per second for authoritative DNS. If DDoS mitigation becomes necessary Cloudflare has automated tools and processes to deal with it.

That is a fun spike, I assume the attacker will get bored or be mitigated by our tools, no action required on your part.

3 Likes

Not a news site, the site is technically just a blank page, it’s a net.tld domain and most in a month I would have gotten at most 500k queries, now it averages 1k/sec with some spikes sometimes, that was not a DDoS, it was just a spike, I have a feeling a big ISP or software maker messed up something in the config and using the wrong domain.

The NXDOMAIN was me testing for a few minutes to see if it will make a difference, no luck.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.