As some may already know, I offer a small public encrypted DNS service at dns.bentasker.co.uk, offering DNS resolution via DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT).
The setup I use is an evolution of the one I described when I published Building and Running your own DNS-over-HTTPS Server 18 months ago, providing ad and phishing blocking as well as encrypted transport.
It was never intended that my DNS service take over the world; in fact, the homepage says:
A small ad and phishing blocking DNS privacy resolver supporting D-o-H and D-o-T.... This service is, at best, a small hobby project to ensure that there are still some privacy-sensitive DNS services out there.
Not all nodes in my edge even run the DNS service.
The service has always seen some use - much more than I really expected - with queries coming in from all over the globe, and query rates are pretty respectable as a result.
However, recently, query rates changed, and there was such a seismic shift in my daily graphs that the previous "routine" usage started to look like 0:
I'm omitting figures and dates out of an abundance of caution, but the lines represent usage across different days (the vertical grey lines each denoting a day).
You can see that usage increased by several orders of magnitude (the turquoise line is the number of advertising domains blocked, so usually increases roughly proportionately).
The change in traffic rates triggered a few things:
- Alarms/notifications from my monitoring
- Notifications from some of my connectivity providers to say they were mitigating an apparent DoS
This post is about the (very few, actually) minor things I found I needed to do to ensure Pi-Hole could keep up with the new load.