Hi there Radaghast.
I would say the amount of traffic generated by utilities like namebench or dnsbench is tiny in comparison to something like a DoS or DDoS attack. Moreover, an attack, for the most part, tends to be sustained, whereas the traffic generated by utilities is short-lived.
You're probably right about that, and your point is well taken.
Still, I wonder where some ISPs draw their line in the sand. Do they meter such
traffic on a network or server level, or is there even a difference nowadays?
And if they do throttle one's DNS usage, is it done on a dynamic, adaptive basis
(w DNS queries in x seconds results in a limit of y queries for the next z minutes)?
Or do you just have to "spring the trap" once to get permanently throttled?
While not entirely analogous, I recently faced a similar situation with a large U.S.
West-coast ISP regarding my access to outbound port 25. In my case, their
network management system was neither dynamic nor adaptive, but certainly
reactive. One day, completely out of the blue, I received a mysterious e-mail
from the ISP, essentially stating "We've recently noticed an increase in use of
port 25 from your IP address, so we've blocked it. Don't even ask to get it back."
No, I wasn't spamming, nor was my machine infected. I have a feeling that
the message was generated by an automaton, without any human intervention.
To put it in perspective, most modern browsers support DNS prefetching and in some cases link prefetching. If one visits a site with a large number of off-site links, it's easy to generate dozens of DNS requests as well as additional traffic for link fetching.
I really wasn't aware of this fact. Guess I haven't been keeping up on current
events. Thanks for that insight.
It's also worth looking at the statistics for some of the well known DNS servers. For example you can look at the root name server statistics for C.ROOT-SERVERS.NET to get some idea of how many queries per second they're handling, and compared to something like Google Public DNS, these numbers are quite low.
It looks like they handle about 20,000 to 25,000 queries per second.
I'll admit, that's a lot. One of the benchmarking tools is configurable.
So.. if you tell it to do 5000 lookups, and it does that over the course
of a couple minutes, even though the total number of queries can
be quite high, the load on any given server won't be all that great.
On the other hand, if your ISP is metering the number of UDP
connections to port 53 from a given IP address over a specific
period of time, that might raise a flag in their network management.
I might also mention that Google advocate the use of namebench for DNS testing in the FAQ for the public DNS servers.
Personally, I never pay much attention to what Google advocate, or not.
Yet, I find this interesting.
Thanks again for your post!
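The thread speculates about two shapes an ISP's port-53 metering could take: an adaptive one ("w queries in x seconds results in a limit of y queries for the next z minutes") and a "spring the trap once" one. The following is an added illustration written for this page; it is not code from any poster, nor anything a particular ISP is known to run. It implements both policies as per-source sliding-window counters and feeds them a constructed query log in which one client behaves like a benchmarking tool and the other like a browser prefetching names. The thresholds, addresses and hostnames are assumptions chosen for illustration.

```python
"""Two hypothetical DNS query-throttling policies of the kind discussed above.

Added example, not from the original thread. Parameters (w, x, y, z), the
source addresses and the query log below are all made up for illustration.
"""
from collections import defaultdict, deque


class AdaptiveThrottle:
    """Adaptive policy: more than w queries from one source within any
    x-second window limits that source to y queries for the next z seconds,
    after which the source starts again with a clean slate."""

    def __init__(self, w, x, y, z):
        self.w, self.x, self.y, self.z = w, x, y, z
        self.recent = defaultdict(deque)  # src -> timestamps inside the window
        self.penalty = {}                 # src -> [penalty_end, queries_left]

    def allow(self, src, ts):
        """Return True if the query from src at time ts would be forwarded."""
        if src in self.penalty:
            end, left = self.penalty[src]
            if ts < end:
                if left == 0:
                    return False
                self.penalty[src][1] = left - 1
                return True
            del self.penalty[src]  # penalty window has elapsed
        window = self.recent[src]
        window.append(ts)
        while window[0] <= ts - self.x:  # discard timestamps older than x seconds
            window.popleft()
        if len(window) > self.w:
            # Trip: only y more queries for the next z seconds.
            self.penalty[src] = [ts + self.z, self.y]
            window.clear()
            return False
        return True


class PermanentTrap:
    """Reactive policy: tripping the same w-in-x-seconds threshold once
    blocks the source for good."""

    def __init__(self, w, x):
        self.w, self.x = w, x
        self.recent = defaultdict(deque)
        self.blocked = set()

    def allow(self, src, ts):
        """Return True if the query from src at time ts would be forwarded."""
        if src in self.blocked:
            return False
        window = self.recent[src]
        window.append(ts)
        while window[0] <= ts - self.x:
            window.popleft()
        if len(window) > self.w:
            self.blocked.add(src)
            return False
        return True


# Constructed query log: (timestamp_seconds, source_ip, qname).
# 10.0.0.5 behaves like a benchmarking tool (60 lookups one second apart)
# and then goes quiet apart from one lookup a minute; 10.0.0.9 looks like a
# browser prefetching one name every five seconds.
QUERY_LOG = (
    [(t, "10.0.0.5", f"host{t}.example") for t in range(60)]
    + [(t, "10.0.0.5", "mail.example") for t in (120, 180, 240, 300, 360)]
    + [(t, "10.0.0.9", f"cdn{t}.example") for t in range(0, 121, 5)]
)


def simulate(policy, log):
    """Feed a query log through a policy; return {src: (allowed, dropped)}."""
    counts = defaultdict(lambda: [0, 0])
    for ts, src, _qname in sorted(log):
        counts[src][0 if policy.allow(src, ts) else 1] += 1
    return {src: tuple(c) for src, c in counts.items()}


if __name__ == "__main__":
    # Hypothetical thresholds: more than 50 queries in 60 s trips the policy;
    # the adaptive variant then allows 5 queries over the next 300 s.
    print("adaptive :", simulate(AdaptiveThrottle(w=50, x=60, y=5, z=300), QUERY_LOG))
    print("permanent:", simulate(PermanentTrap(w=50, x=60), QUERY_LOG))
```

With these made-up thresholds the prefetching client never trips either policy, while the benchmarking client loses a handful of queries under the adaptive policy and recovers once the penalty window passes, but under the permanent trap every query after the 50th is dropped, including the low-rate ones minutes later. That difference is exactly what the questions above are asking an ISP to disclose.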