IoT DNS Flooding

Started by irrenarzt, June 25, 2025, 04:45:41 PM

Looking for some thoughts or ideas regarding a DNS issue.

I use Control D (DNS over TLS through Unbound), which has an abuse policy that will block your IP for 24 hours if you exceed 3,000 queries a minute.

I also have several Amazon Echoes, which twice over the last two weeks started randomly spamming excessive requests in the middle of the night (over 50,000 requests in a 10 minute period to api.amazon.com).

As a result, when I wake up I have no DNS service available and have to shift to a less preferred backup. How would you guys go about resolving this problem? At the moment, the only thing I can think to do is set up an override in Unbound so that the API requests are sent to a specific IP instead of being forwarded...

You do not tell how you set up your DNS, but you could use a local DNS server as a caching proxy. In that case, multiple requests for the same name should be cached.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

I just run a very basic DNSMASQ to Unbound, which queries DNS over TLS to Control D.

The excessive DNS requests are a pretty recent phenomenon, which I don't really understand either. It's occurring both randomly and infrequently during intervals where there is no activity, but I don't think that's something possible to pin down.
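Since the setup in this thread is dnsmasq in front of Unbound, one way to catch the overnight floods before the upstream 3,000 queries/minute limit trips is to run a check over dnsmasq's `log-queries` output. The script below is an added example, not something posted in the thread: it assumes dnsmasq's standard `query[TYPE] name from client` log line layout, and the flood sample it feeds itself is constructed to mirror the numbers described above (one client hammering api.amazon.com).

```python
import re
from collections import Counter, defaultdict

# Assumed dnsmasq log-queries line layout (syslog timestamp has no year):
#   Jun 25 03:15:07 gw dnsmasq[1234]: query[A] api.amazon.com from 192.168.1.50
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

# Upstream abuse threshold as stated in the thread: 3,000 queries per minute.
THRESHOLD_PER_MINUTE = 3000


def parse_line(line):
    """Return (minute_key, name, client) for a query line, or None if it is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    minute = m.group("ts")[:-3]  # drop ":SS" so lines bucket by minute
    return minute, m.group("name").lower().rstrip("."), m.group("client")


def rate_report(lines, threshold=THRESHOLD_PER_MINUTE):
    """Per-minute totals; for each minute over the threshold, report the top client and name."""
    clients_per_minute = defaultdict(Counter)
    names_per_minute = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # non-query lines (cached answers, forwards, etc.) are skipped
        minute, name, client = parsed
        clients_per_minute[minute][client] += 1
        names_per_minute[minute][name] += 1
    alerts = []
    for minute in sorted(clients_per_minute):
        total = sum(clients_per_minute[minute].values())
        if total > threshold:
            client, client_queries = clients_per_minute[minute].most_common(1)[0]
            name, _ = names_per_minute[minute].most_common(1)[0]
            alerts.append({"minute": minute, "total": total, "client": client,
                           "client_queries": client_queries, "name": name})
    return alerts


def constructed_sample():
    """Constructed log: one quiet minute, then one Echo-style flood minute."""
    lines = [f"Jun 25 03:14:0{i} gw dnsmasq[1234]: query[A] example.org from 192.168.1.20"
             for i in range(5)]
    lines += [f"Jun 25 03:15:{i % 60:02d} gw dnsmasq[1234]: query[A] api.amazon.com from 192.168.1.50"
              for i in range(3500)]
    return lines
```

Feed it the real log (`rate_report(open("/var/log/dnsmasq.log"))`) to see which client and name drove each over-threshold minute, which is the evidence needed before deciding on an Unbound override or a per-device fix.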