DNS lookup spam running up Route 53 bill

dgobaud

7/8/23, 12:33 PM

Throughout 21 we saw around 15M DNS queries/month. In January 2022 we saw almost 300M and I didn't notice.... then February almost 1 BILLION...... and I noticed because of the bill. Amazon isn't really helping yet I told them this is obviously spam.

This isn't application layer there is nothing I can do right...?

0 + 0

domain-name-system

spam

dns-hosting

amazon-route53

shearn89

7/8/23, 12:59 PM

Route53 doesn't charge for some record types - things like A and AAAA or Alias records pointing at AWS resources. Maybe review what records you have and see if you can adjust them?

djdomi

7/8/23, 6:42 PM

https://aws.amazon.com/en/route53/pricing/ @shearn89 i think thats not entirely true

John Mahowald

7/9/23, 5:03 AM

One billion or one trillion? AWS pricing calculator refuses to exceed 10 billion.

shearn89

7/9/23, 8:23 AM

@djdomi - that's the page I checked: "DNS queries are free when both of the following are true: The domain or subdomain name (example.com or acme.example.com) and the record type (A) in the query match an alias record. The alias target is an AWS resource other than another Route 53 record."

dgobaud

7/9/23, 3:01 PM

@djdomi - my mistake indeed ~1 billion or 980,441,652 queries in February. Still definitely an attack... not legit traffic.

djdomi

7/9/23, 4:36 PM

i eould maybe contact the support instead and ask for a detailed invoice and moreover how to prevent such attempts?!

dgobaud

7/11/23, 2:16 AM

Just an update - confirmed an attack being spammed with literally up to 38M+ lookups of random junk subdomains in an hour. https://www.cloudflare.com/learning/ddos/dns-flood-ddos-attack/ am talking to Amazon. CloudFlare DNS is free so if Amazon won't do anything and wants to keep charging seems the solution is to move away.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: DNS lookup spam running up Route 53 bill

TH: สแปมการค้นหา DNS เรียกใช้บิล Route 53

RO: Spam de căutare DNS care rulează pe factura Route 53

RU: Спам, связанный с DNS-поиском, приводит к выставлению счетов за Route 53

VI: Thư rác tra cứu DNS chạy lên hóa đơn Tuyến đường 53

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.