Tons of random clients connected - all spamming same requests

Hello there,

I have not logged into my pi-hole web interface for the last 24 hours, but when I just looked I was surprised to see 90 random clients connected and more than 300,000 queries! There's normally around 20 clients connected with around 40-50k total queries in a day.

All of the random clients connected to my pi-hole because I (stupidly) forgot to unforward port 53 after I was finished testing something.

The clients seem to be spamming requests to the same website - 5hz.org which is apparently an 'AAA' record according to the interface.

I have now got rid of my port forwarding rule for DNS so the clients can't connect anymore. Does anyone know what the website is for and what the purpose of this attack is? Some of the clients have the hostname of an Amazon EC2 Instance and some of them report other hostnames. Most of them say 'unknown' though.

In a 4 minute period from 5:30 - 5:34am this morning they spammed over 43,000 DNS queries! It doesn't look like they are spamming all the time, as there are only 4 massive peaks in the pi-hole graph.

Many Thanks.

The queries appear to be coming from the Open Resolver Scanning Project. You had an open resolver, and they found it.

https://scan.shadowserver.org/dns/

dig 5hz.org +short
184.105.143.133

dig -x 184.105.143.133 +short
133.128-26.143.105.184.in-addr.arpa.
dnsscan.shadowserver.org.

Never open port 53 on your router when you have a Pi-hole or other DNS server running.
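
Added example, not part of the thread or of Pi-hole itself: a small Python check that reads dnsmasq-style query lines (the format Pi-hole logs) and counts queries from clients outside the local network, which is how an accidentally exposed resolver shows up. The sample log lines, the `external_queries` name and the list of local ranges are constructed assumptions; adjust the ranges to your own LAN.

```python
import ipaddress
import re
from collections import Counter

# dnsmasq query line, e.g.
# "Mar  3 05:30:01 dnsmasq[612]: query[A] 5hz.org from 203.0.113.7"
QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$")

# Assumed local ranges. Listed explicitly instead of using is_private so that
# only the ranges you really use on the LAN are treated as "inside".
LOCAL_NETS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "::1/128", "fe80::/10", "fc00::/7")

# Constructed sample input (documentation addresses stand in for the scanners).
SAMPLE_LOG = """\
Mar  3 05:30:01 dnsmasq[612]: query[A] 5hz.org from 203.0.113.7
Mar  3 05:30:01 dnsmasq[612]: forwarded 5hz.org to 1.1.1.1
Mar  3 05:30:02 dnsmasq[612]: query[A] 5hz.org from 198.51.100.24
Mar  3 05:30:02 dnsmasq[612]: query[AAAA] example.com from 192.168.1.20
Mar  3 05:30:03 dnsmasq[612]: query[A] 5hz.org from 203.0.113.7
Mar  3 05:30:03 dnsmasq[612]: reply 5hz.org is 184.105.143.133
""".splitlines()


def external_queries(lines, local_nets=LOCAL_NETS):
    """Return (per-client, per-domain) counts for queries from non-local clients."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    clients, names = Counter(), Counter()
    for line in lines:
        m = QUERY_RE.search(line.strip())
        if not m:
            continue  # forwarded/reply/cached lines carry no client address
        try:
            addr = ipaddress.ip_address(m["client"])
        except ValueError:
            continue  # malformed client field
        if any(addr in net for net in nets):
            continue  # normal LAN client
        clients[str(addr)] += 1
        names[m["name"].lower()] += 1
    return clients, names


if __name__ == "__main__":
    clients, names = external_queries(SAMPLE_LOG)
    if clients:
        print("Queries from outside the LAN: port 53 is reachable from the internet")
        for ip, count in clients.most_common():
            print(f"  {ip}: {count}")
        print("Most requested:", names.most_common(3))
```

Any non-empty result means the resolver is answering the internet; removing the port 53 forward (or firewalling it) is the fix, as the reply above says.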

Thanks for the fast reply! What is the Open Resolver Scanning Project? It's not something dangerous is it?

Look at my (edited) reply. There is a link to their site. It is not dangerous.

What were you "testing" with port 53 open?

Thank goodness, I was so concerned when I saw the queries that I turned the server off immediately lol!

I just wanted to connect a specific device located outside of my local network to see what DNS queries it was making. I was going to remove the port forwarding rule straight after but I forgot.

Thanks again!