Is Google DNS blocking users after a certain limit?


d.kr...@gmail.com

Aug 18, 2015, 11:17:55 AM
to public-dns-discuss
Hi,

I'm the creator of varys.io, an uptime monitoring service.
I had problems the last 2 days as most of my DNS requests seem to fail. I'm using HHVM and PHP (switched between them, same result) running on an Ubuntu 14.04 server which curls about 500 domains every 5 minutes. The DNS servers for these actions are Google's 8.8.8.8 and 8.8.4.4; the servers are hosted at DigitalOcean.

In the last 48 hours I had massive problems as the hostnames don't get resolved. I tried flushing the DNS cache, restarting the hhvm/php processes, rebooting the system etc. Still about 80% of my requests fail.

So are there any limits for Google's DNS servers?

Shen Wan

Aug 18, 2015, 11:45:30 AM
to public-dns-discuss, d.kr...@gmail.com
We do have a Query-Per-Second limit for each client IP address. However, 500 queries per 5 minutes, or ~2 QPS, should be fine. Do you have any other clients behind the same egress IP? And which domains failed to resolve for you? Please follow https://developers.google.com/speed/public-dns/docs/using#troubleshooting to diagnose and provide us your result if you still need help.

Thanks!

jder...@gmail.com

Sep 17, 2015, 3:15:31 PM
to public-dns-discuss, d.kr...@gmail.com
Good afternoon sir,

In my district, we have 2500 Chromebooks configured to use public DNS 8.8.8.8 and 8.8.4.4. They can set up in a guest role outside of our internal network so they appear as one external IP address. When doing a connection test in 2 schools, we had the students boot up the Chromebooks and surf to a specific site. Right after this test, we were getting DNS errors. We believe this might have triggered the DDoS prevention service that Google's Public DNS offers (Query-per-second). Today (9/17/15), our students were doing an online test (map test); midway into the test, we believe they needed to reach out to the DNS to query the address (cache expired) and that triggered the DDoS prevention again. Do you have any solutions or suggestions to offer? We would like to keep them in an outside role of our network. Thanks again.

Tanner Ryan

Sep 21, 2015, 9:20:29 AM
to public-dns-discuss, d.kr...@gmail.com
Just looking at the size of your school network, I recommend that you set up your own DNS server (e.g. Bind), and set the forwarder to Google Public DNS. This way the initial lookup is still done via Google Public DNS, but everything after (until the TTL on the record expires) is coming from your DNS server.

This will take some load off your network (as many requests will be cached in the internal network), thus improving the performance.

Just make sure that if you run your own DNS server, you update DHCP accordingly (make sure DHCP gives out the local DNS server IP rather than Google).

And, if uptime is very important, run two caching DNS servers (just in case one crashes, freezes, etc.).


~Tanner

Marco Davids

Sep 21, 2015, 9:20:29 AM
to public-dns-discuss, d.kr...@gmail.com, jder...@gmail.com
Hi,

Do you happen to have IPv6? If so, perhaps you could try to configure this: 
  • 2001:4860:4860::8888
  • 2001:4860:4860::8844
Perhaps that will prevent running into rate limiting issues?
--
Marco


On Thursday, September 17, 2015 at 21:15:31 UTC+2, jder...@gmail.com wrote:

Jeremy DeRoy

Sep 21, 2015, 9:20:29 AM
to Marco Davids, public-dns-discuss, d.kr...@gmail.com

Thanks for the reply,

We are using IPv4; as a temporary fix, we are using root hints.

valenti...@gmail.com

Jun 29, 2016, 5:08:55 PM
to public-dns-discuss, d.kr...@gmail.com
I think the best way in your circumstances will be to set up your own Bind server and add Google forwarders to it.
If you only query the same 500 domains or so every 5 mins, it should help you now and when your client database grows too.

Take a look here for a few examples.

On Tuesday, August 18, 2015 at 21:17:55 UTC+6, user d.kr...@gmail.com wrote:
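
The caching forwarder recommended in the replies above (a local Bind server with Google Public DNS as its forwarders), as an added example that is not part of the original thread. The `internal` ACL, its address ranges and the `directory` path are assumptions to replace with your own values.

```conf
// named.conf.options (constructed example, not taken from the thread)

// Assumption: the networks whose clients receive this server's
// address from DHCP. Replace with your real internal ranges.
acl "internal" {
    127.0.0.1;
    10.0.0.0/8;
};

options {
    // Assumption: Debian/Ubuntu default working directory.
    directory "/var/cache/bind";

    // Recurse and serve cached answers for internal clients only,
    // so the cache is not reachable as an open resolver.
    recursion yes;
    allow-query       { internal; };
    allow-recursion   { internal; };
    allow-query-cache { internal; };

    // Cache misses go to Google Public DNS. Repeated lookups of the
    // same name are answered locally until the record's TTL expires,
    // so the shared egress IP sends far fewer queries upstream.
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };

    // "first": if the forwarders do not answer, fall back to normal
    // iterative resolution from the root hints.
    // "only" would never fall back and fail the lookup instead.
    forward first;
};
```

Check the file with `named-checkconf` before reloading the server, then hand out this server's address through DHCP as described in the thread.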