How do I fix DNS flood queries overload in cloudflare problem?
Dear All Experts
I'm facing a big problem in DNS queries recently it happens two times daily i guess with over 700 dns queries and it used to be even more like 1300 in just single second , it seems as some sort of sophisticated DNS DDOS attack or something , any tips or ways to help and avoid such ones.
problem shown in photo below.
21 Replies
It could be certs being renewed, they show up in Public CT logs (Certificate Transparency), and a bunch of bots rush to scan and such.
Regardless, you don't pay for DNS Queries, you have Unlimited, and Cloudflare should have no issues absorbing that traffic. I would just ignore it. A bunch of traffic in a single second isn't really "sophisticated"
Hi thanks for your reply
how can i avoid it because sometimes it crashes my website for 3 - 5 minutes and slows down it performance , i know this because we have over 1400 company rival and over 3100 blacklisted whiners in our db
so you only recommend certs renewals to fix it ?
Do you see a corresponding uptick in HTTP(S) traffic? The systems serving DNS aren’t the same as the systems proxying your website, so this high level of traffic shouldn’t have any effect on your website itself
well then how you explain my domains and my website goes down sometime then on these peaks specially ?
I still searching for a real solution for this dns flood ddos attack but nothing useful found on the internet yet.
A lot of requests don't necessarily correlate with downtime of a website, which is why I was wondering whether the dashs shows any HTTP(S) traffic there too. You can't really stop a DNS flood(at least on Cloudflare), but you can definitely stop an HTTP(S)-based attack.
yeah https you can via WAF and make strong rules i already made ones but still only minor to no effect on dns flood like they range between 740 low attack till 1100 high attack. I guess only paid premium dns protection services is my only choice.
The "DNS Flood" is at best a symptom of something else, like an http flood incoming. The actual DNS Traffic does not matter or affect you in the slightest, DNS Queries are cheap anyway, compared to http requests. If you got some special dns protection service it would be pointless, because you wouldn't be solving anything and DNS Traffic is much harder to mitigate/challenge anyway because there is less information you can get (harder to not block innocents)
If you go to your website in Cloudflare, and Analytics & Logs -> Traffic, you don't see any increase in http requests around the same time?
here's two photos , sure i see both but not same volume.
see it's not that big peak comparing to dns like 500 http requests but for dns 800 and something maybe less http.
DNS Volume isn't going to match up with http generally, there's a lot more records (A/AAAA for IPv4/IPv6, HTTPS for SNI/other http hints, DNSKEY for DNSSEC, etc) that may need to be queried for a single http request, potentially 3-4
that's also different time periods, right? Looks like dns is 6 hours and traffic there is 24 hours, which I think is all you get on free anyway
my website goes down sometime then on these peaks specially ?When you say your "website goes down", can you clarify what you mean by this? Which Cloudflare error? If you have any monitoring on your origin web server, do you see an increase in http requests or cpu % there?
goes down = it's down can't access my website nor cpanel nor anything
yes also cpu peak but not that much
Any more info then that? Do you get a specific Cloudflare error? Is your cpanel on a separate subdomain proxied by Cloudflare?
similar to this error on my cpanel as for cloudflare it shows the normal error when can't connect to origin server.
