Operators within Net-24 (typically Cable Operators) would
do well to set up an AS112 anycasted DNS server within
their networks.

Cable modem users typically NAT their connections to allow
multiple machines at home to be "online". This causes
local hosts to generate junk traffic towards the global
internet when these machines query for or try DynaDNS
updates on RFC-1918 addresses.

In a 100,000 query sample (which lasted for 30 seconds) we saw
768 unique Net-24 prefixes. All of them had multiple
queries within the sample period.

Looking at the raw data, we saw 7444 queries out of
100,000 queries from Net-24 prefixes.

Given this, each Net-24 query, on average, asked for
info 10 times within the 30 sec sample window.

All of this is from an AS112 server located in NM that
is announcing the AS112 prefix towards our transit provider
AS 1239.

If you are not aware of the AS112 project you should
look at:

http://www.as112.net  (site maintained by Paul Vixie)

My setup tips page:

http://www.chagreslabs.net/jmbrown/research/as112/index.html

Based on a 1,000,000 query sample (2 min period of time) here are the
top 20 /8's that generate bogus queries for RFC-1918 related DNS
data.

61637 24.0.0.0
51596 65.0.0.0
36974 216.0.0.0
32925 63.0.0.0
31503 66.0.0.0
31483 208.0.0.0
30760 217.0.0.0
25813 168.0.0.0
25538 151.0.0.0
25300 209.0.0.0
19862 200.0.0.0
19375 68.0.0.0
17568 207.0.0.0
17303 80.0.0.0
16585 141.0.0.0
13831 64.0.0.0
11652 206.0.0.0
10295 204.0.0.0
10016 205.0.0.0
7795 218.0.0.0
6666 202.0.0.0
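
A way to produce the same kind of tally from a name server's query log, as an added example that is not part of the original post. The BIND-style log layout, the sample lines, and the reading of "unique Net-24 prefixes" as unique source /24s inside 24.0.0.0/8 are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed BIND-style layout: "client <ip>#<port>: query: <name> IN <type>"
LINE_RE = re.compile(r"client (?P<src>\d+\.\d+\.\d+\.\d+)#\d+.*?query: (?P<qname>\S+) IN \S+")

def is_rfc1918_reverse(qname):
    """True if qname sits under the in-addr.arpa zone of an RFC 1918 block."""
    labels = qname.lower().rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        return False
    octets = labels[:-2][::-1]  # reverse names list the low octet first
    if not octets or not all(o.isascii() and o.isdigit() for o in octets):
        return False
    first = int(octets[0])
    if first == 10:
        return True
    if len(octets) < 2:
        return False
    second = int(octets[1])
    return (first == 172 and 16 <= second <= 31) or (first == 192 and second == 168)

def tally(lines):
    """Count RFC 1918 reverse queries per source /8 and per source /24."""
    per8, per24 = Counter(), Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or not is_rfc1918_reverse(m["qname"]):
            continue
        try:
            net24 = ipaddress.ip_network(m["src"] + "/24", strict=False)
        except ValueError:  # e.g. an octet above 255 in a damaged line
            continue
        per8[str(net24.supernet(new_prefix=8).network_address)] += 1
        per24[net24] += 1
    return per8, per24

def summarize(per8, per24, slash8):
    """Return (unique source /24s, queries, average queries per /24) for one /8."""
    net = ipaddress.ip_network(slash8)
    prefixes = [p for p in per24 if p.subnet_of(net)]
    queries = per8[str(net.network_address)]
    return len(prefixes), queries, (queries / len(prefixes) if prefixes else 0.0)

SAMPLE = [  # constructed log lines, not real traffic
    "client 24.10.1.5#1031: query: 1.1.168.192.in-addr.arpa IN PTR",
    "client 24.10.1.9#1044: query: 5.0.0.10.in-addr.arpa IN PTR",
    "client 24.20.7.2#2200: query: 12.3.16.172.in-addr.arpa IN SOA",
    "client 65.4.4.4#53: query: 2.0.168.192.in-addr.arpa IN PTR",
    "client 65.4.4.4#53: query: 4.3.2.1.in-addr.arpa IN PTR",        # public space, ignored
    "client 24.10.1.5#1031: query: 9.9.32.172.in-addr.arpa IN PTR",  # 172.32/16 is not RFC 1918
]
```

Sorting `per8.most_common()` gives a list in the same shape as the one above; `summarize(per8, per24, "24.0.0.0/8")` gives the per-prefix figures for a single /8.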