What's an average # of Daily DNS requests? 83k?! Network compromised?!

Comments

5 comments

  • Avatar
    rotblitz

    My home network counts around 10k per day, sometimes 20k, with 1-3 users and up to 6 devices, average 1 user with 2 devices.  Please note, we have disabled DNS prefetching in nearly all browsers in our network which reduces the DNS traffic significantly.  Therefore, if you have DNS prefetching enabled and maybe also work with DNSBL for e-mail and such, your DNS traffic will be significantly higher.

    "I see 9,000 on ours and feel that's scary high."   -   Oh no, that's below normal.

    "83k?!"  -  You said 9k, so what's this 83k about?

    1
    Comment actions Permalink
  • Avatar
    mattwilson9090

    There is no average number of requests, or at least not an average that is meaningful to anyone but statisticians. What is average for your household is going to be determined by the number of users, devices, and kinds of activity on your network. Some websites or services generate huge numbers of DNS lookups, especially if prefetching is disabled, while others generate very little. As with any performance monitoring, once you have things setup and working properly, then you need to take a baseline and compare ongoing performance to that baseline, investigating further when there are significant and/or long term variations from that baseline, especially if those variations don't also accompany a known change of some sort.

    0
    Comment actions Permalink
  • Avatar
    feelinghackedugh

    Yes, three days ago we had 83,000 DNS requests, and when we first signed up for openDNS a few days prior - we had 9k requests. We had our network compromised before, and are hoping it's secured now, but it'd be nice to know what 'normal' is. We are not streaming porn or using torrents. We simply have 3 laptops and 3 devices used for social media, emails, and some web design -- nothing crazy.

     

    I wish I knew if we were truly secure at this point. I feel like I flush the DNS cache resolver everytime i get online!

    0
    Comment actions Permalink
  • Avatar
    feelinghackedugh

    and yes, I have prefetching turned off on all browsers as well. It's been a while, but we had tons of MIM attacks on our router and denial of service (ex was a hacker that wanted to really put us through mental anguish!)

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "We are not streaming porn or using torrents."

    And even if, this wouldn't increase your DNS queries significantly.  Streaming and downloads normally do not use multiple DNS queries, just one per stream or download.

    "I wish I knew if we were truly secure at this point...  we had tons of MIM attacks on our router and denial of service (ex was a hacker that wanted to really put us through mental anguish!)"

    This is not something OpenDNS can much help you with, at least not the home versions, and not at all regarding traffic from outside.  A recursive DNS service like OpenDNS is only for name resolution from inside requests to outside.

    " I feel like I flush the DNS cache resolver everytime i get online!"

    This is useless activity.  What should this be good for?  It just increases the number of DNS queries at OpenDNS.

    Summarizing: if your network would be compromised, you most likely would not see this with your OpenDNS stats.  There are three exceptions for the home versions: the Conficker Virus, the IE Zero Day Exploit, and DNS Rebind attacks.  These are the only DNS related infections or attacks which would be reflected in the OpenDNS stats.

    Also, all DNSv6 traffic (DNS traffic over IPv6) will not appear in your stats at all yet.

    0
    Comment actions Permalink

Please sign in to leave a comment.