Has anyone else noticed dramatic increase in DNS requests?
I believe that there is an active DDOS going on using DNS against the US commerce dept.
I did have recursion disabled on all but one server, but on several on my DNS servers I noticed within the past few weeks a dramatic increase of queries for "DOC.GOV" "ANY" records. An increase of 6K/min requests for that record alone on each of the servers (many on linode, but some elsewhere.
The one server that had recursion (now disabled DOH!) had over 60GB of outgoing DNS traffic in 2 days. Outgoing traffic now back to normal, but the queries are still coming in to several of the servers.
This may very well be part of a massive DDoS recently.
I don't allow recursion on any of my servers though so I don't know why the attackers are bothering with me.