Ok this one’s on me.
I stood up a test website and I used bunny net as my CDN. The url was predictable. Test dot domain dot net. Well, somebody found it and just hammered it. 1.3M requests in a week. I probably account for about 200 of those. I figured it out when the VM’s disk ran out of space from logging it all.
Total bandwidth 27.81 GB
Cached bandwidth 33.32 MB
Requests served 1,380,802
Cache hit rate 1.25%
I just noticed this DNS graph. The web site I took over in 2019. It's the busiest web site I have. But I really think the huge upswing in #DNS traffic is related to #AI bot scrapers. I have been struggling so hard just to make them go away. My bandwidth, compute, and web service are not for them. They are not welcome. They do not care.
Literally doubling month on month.
Now, I recently made changes to the DNS for that zone. And I made some screw-ups when I did it. So, I temporarily¹ set the TTL on the NS records to 600 seconds. I kept screwing them up and needing to change them.
Fixing the NS records this morning definitely had a benefit. Yesterday was 325,336 queries. Today was 254,492. So again, some of this is on me. But that whole 13-year DNS graph with a huge surge in the last 2 years is not all me. Stuff has changed.
¹ I remembered this morning when I was like "WTF do I have so much DNS traffic!?"
@paco
It's less likely that someone guessed the domain name. It's more likely that you, or bunny.net on your behalf, got a TLS cert signed by a Certificate Authority that logs to a certificate transparency log, and someone used that as a way to find potential new victims for whatever they're trying to do.
Paco Hope
Rune 🇨🇦