Large traffic from Ips (cloudflare sweden) to your dns ORG. such as DNS3.gov.ps

a.salameh · March 10, 2025, 5:51pm

What is the name of the domain?

dns3.gov.ps , dns3.gov.ps

What is the issue you’re encountering

we as SOC for palestine , we face a huge traffic from your IP for ex. :162.185.180.239 , 162.185.180.14 , 162.185.180.237 all ips from Sweden to our DNs’s dons3.gov.ps , dns4.pna.ps , dns5.gov.ps ,please make your team to investigate and solve

What is the current SSL/TLS setting?

Off

GeorgeAppiah · March 10, 2025, 6:44pm

These IPs all belong to AS21928 (T-Mobile USA)… not Cloudflare and not from Sweden.

a.salameh · March 10, 2025, 7:07pm

sorry the IPS are such as
162.158.180.239

162.158.180.14

162.158.180.237

162.158.181.10

162.158.180.251

DarkDeviL · March 10, 2025, 10:03pm

For users of the 1.1.1.1 DNS resolver, that are reaching Cloudflare’s facility in Stockholm, Sweden, the traffic to your authoritative DNS servers will likely originate from these (or the surrounding) IP addresses, when they send queries for any DNS zone that is hosted on any of the mentioned servers, such as e.g. “dns4.pna.ps”.

I’m therefore wondering, …

What do you call “huge”?
What exact domain(s) are you having issues with?

“dns4.pna.ps” is for example authoritative DNS for “environment.ps.” and “palgov.ps”, to mention a couple of examples.

Both of those are having TTL’s of 3600 seconds (1 hour), and raising them may reduce the query load, that e.g. “dns4.pna.ps” may have to take, for these domains.

Another domain name, such as e.g. “cert.ps” does seem to use a TTL of 86400 seconds (24 hours), meaning that DNS resolvers, such as e.g. 1.1.1.1 are allowed to cache DNS queries for much longer than the two other domains.

Raising the TTL for your domain(s) is one way to reduce the DNS query load, if you prefer fewer queries.

I don’t think there is anything to investigate here?

But improving the overall DNS configuration for the operations of many of these “.ps” domains, and DNS records, may eventually lead to a better result for you, regarding the DNS query volume.

$ dig +noall +answer A dns4.pna.ps @1.1.1.1
dns4.pna.ps.            950400  IN      A       185.153.160.4
dns4.pna.ps.            950400  IN      A       10.99.55.3

I suggest that you remove that “10.99.55.3” A record from the public view.

a.salameh · March 17, 2025, 9:34am

hello
The DNS.pna.ps domain has been modified. We are currently working on selecting the best value for the TTL.
please inform us if there any additional modifications?
Thanks

Topic		Replies	Views
Proxied IPv4 causing issues DNS & Network	3	613	November 10, 2023
Changed DNS to Cloudflare, now massive requests from USA DNS & Network	4	2659	October 16, 2019
Domain provider asking for IP Getting Started	5	1905	September 1, 2018
IP and DNS issues DNS & Network	3	347	January 19, 2024
Subject: Inquiry Regarding Traffic Configuration on Cloudflare DNS & Network	2	202	May 21, 2024

Large traffic from Ips (cloudflare sweden) to your dns ORG. such as DNS3.gov.ps

What is the name of the domain?

What is the issue you’re encountering

What is the current SSL/TLS setting?

Related topics