Millions of DNS packets from S. America & China

Wondering if anyone else sees 3 or 4 million DNS packets per day aimed at them. From the whois results on the IP addresses they seem to come mostly from Co, Br, Ar, and China. Set a firewall rule to drop most of them.
Are they attempts to poison my DNS cache? Should my ISP be doing something?

And why are you asking it on the openSUSE forum? Should you not be asking your ISP?


No, because I do not run a DNS server. Do you? Then better explain that first before you come to the problem.


I do not run a DNS server, even locally on my LAN.
Verizon pushed the problem away by giving me a new IP address (via DHCP) after they told me to reboot. My incoming traffic dropped dramatically. I suspect the packets may now be directed to the site that got my old IP.

Sounds like you have a problem with the Mirai Bot Network.

Learning more about my MikroTik router, I find that the firewall allows me to construct a filter rule that discards new packets from the WAN that have a destination port 53 (DNS). Each day this drops about a GB and 15M packets. Not enough to block my internet access, so I consider this rule an acceptable solution.
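For triaging traffic like that described in this thread, the following is an added example (not posted by anyone in the thread) that reads the DNS header of captured UDP payloads sent to port 53 and reports whether each is a query or a response, with the name and type asked for. The QR bit is the first thing to check when asking whether unsolicited port-53 traffic is query traffic or forged answers; the sample payloads and the `build` helper are constructed for the demonstration.

```python
import struct
from collections import Counter

# Small subset of record types, enough to label common queries.
QTYPES = {1: "A", 2: "NS", 16: "TXT", 28: "AAAA", 255: "ANY"}

def parse_dns(payload: bytes):
    """Return (kind, qname, qtype) for a UDP DNS payload, or None if malformed."""
    if len(payload) < 12:                      # fixed DNS header is 12 bytes
        return None
    _id, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", payload[:12])
    kind = "response" if flags & 0x8000 else "query"   # QR is the top flag bit
    if qdcount == 0:
        return kind, "", ""
    labels, pos = [], 12
    while True:                                # walk the length-prefixed labels
        if pos >= len(payload):
            return None
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(payload):  # pointer or overrun
            return None
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):                 # QTYPE and QCLASS must follow
        return None
    qtype, _qclass = struct.unpack("!2H", payload[pos:pos + 4])
    return kind, ".".join(labels) or ".", QTYPES.get(qtype, str(qtype))

def summarize(payloads):
    """Count queries, responses and malformed payloads in a capture."""
    counts = Counter()
    for p in payloads:
        result = parse_dns(p)
        counts["malformed" if result is None else result[0]] += 1
    return dict(counts)

def build(flags, name, qtype):
    """Constructed sample: one-question DNS message with the given flags."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".") if l)
    return (struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0)
            + q + b"\0" + struct.pack("!2H", qtype, 1))

# Constructed payloads: an ANY query, a response, and a truncated packet.
SAMPLES = [build(0x0100, "example.com", 255),
           build(0x8180, "example.com", 1),
           b"\x00\x01"]
```

Payloads can be fed in from any capture tool that exposes the UDP data bytes; `summarize` then gives the query/response split for the whole capture.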