[192104] in North American Network Operators' Group
Re: Excessive Netflix DNS Traffic?
daemon@ATHENA.MIT.EDU (Velocity Lists)
Wed Oct 19 13:16:47 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <E6C6D00C5EE37E68.B134CFDB-1D3C-4731-848D-6DFD4E2719F9@mail.outlook.com>
From: Velocity Lists <volists@staff.velocityonline.net>
Date: Wed, 19 Oct 2016 13:16:42 -0400
To: Dave Temkin <dave@temk.in>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Did (Netflix) find an issue?
Velocity Online
850-205-4638
On Mon, Oct 17, 2016 at 12:05 PM, Dave Temkin <dave@temk.in> wrote:
> We (Netflix) are investigating this now.
>
> -Dave
>
>
>
>
>
> On Sat, Oct 15, 2016 at 12:44 PM -0500, "Velocity Lists" <
> volists@staff.velocityonline.net> wrote:
>
> We have seen it as well.
>> In our cases it is all TCP DNS traffic as well.
>>
>> Velocity Online850-205-4638
>>
>> On Fri, Oct 14, 2016 at 11:43 AM, Eamon Bauman
>> wrote:
>>
>> > We're rate limiting it now, but it's definitely bad behavior. When I open
>> > the flood gates, over a 5-min sample from a single host I received well
>> > over 61,000 queries.
>> > The size of the records being requested cause this to be an (unintended)
>> > amplification attack, as a 30Mbps inbound sum is getting amplified to
>> > 150-200Mbps outbound.
>> >
>> > On Thu, Oct 13, 2016 at 7:52 PM, Josh Reynolds
>> > wrote:
>> >
>> > > Same here :)
>> > >
>> > > On Oct 13, 2016 1:09 PM, "Ryan, Spencer" wrote:
>> > >
>> > >> I was going to point you to the reddit thread about it, but it looks to
>> > >> be your thread :)
>> > >>
>> > >>
>> > >> Spencer Ryan | Senior Systems Administrator | sryan@arbor.net >> sryan@arbor.net>
>> > >> Arbor Networks
>> > >> +1.734.794.5033 (d) | +1.734.846.2053 (m)
>> > >> www.arbornetworks.com
>> > >>
>> > >>
>> > >> ________________________________
>> > >> From: NANOG on behalf of Eamon Bauman <
>> > >> eamon@eamonbauman.com>
>> > >> Sent: Thursday, October 13, 2016 10:26:57 AM
>> > >> To: nanog@nanog.org
>> > >> Subject: Excessive Netflix DNS Traffic?
>> > >>
>> > >> Hi all,
>> > >>
>> > >> Is anyone seeing excessive DNS traffic from game consoles (Xbox One,
>> > PS4)
>> > >> running Netflix? Starting 9/29 we have been seeing significant volume of
>> > >> DNS traffic from game consoles on our campus to our caching recursive
>> > >> boxes. Logs show repeated requests for api-global.netflix.com and
>> > >> nrdp.nccp.netflix.com.
>> > >>
>> > >> Anyone else experiencing this?
>> > >>
>> > >> Eamon
>> > >>
>> > >
>> >
>>
>>
