network load problem - please help me solve this mystery

Ronald F. Guilmette rfg at monkeys.com
Sun Nov 24 04:22:38 UTC 2002



Greetings,

I run an anti-spam list based on a DNS zone (proxies.relays.monkeys.com)
that has become rather popular, to say the least.  Lots of sites seem to
be using it now.

The bad news, for me at least, is that the sum total of all of the
queries from all of these sites against this zone is now sucking up
a LOT of my minuscule bandwidth.  I'm not sure, but I think it is
verging on totally killing my puny little (384/128) DSL line.  I've
turned on query logging, just briefly, in my name server (recently
upgraded to bind 8.3.4) and, yes, I'm definitely receiving hundreds
of queries per second.  In fact, the rate of incoming queries is
so bad that when my name server is *not* running (e.g. briefly,
after a recent system reboot) my FreeBSD kernel noted the high rate
at which my system was returning port/host unreachable ICMP responses...
over 200 per second... assumed that this was related to some sort of 
DoS attack, and automatically limited the rate of outbound ICMP
responses.  (Yes, things really _are_ that bad now.)

This serious loading problem is all occurring on ns1.monkeys.com.

Now before anybody tells me to just get some more secondaries for my
zone(s), please read on...

I already _do_ have a _lot_ of off-site secondaries signed up that are
already serving up both the proxies.relays.monkeys.com zone *and* the
base container zone relays.monkeys.com.

Recently, realizing that I was in dire trouble because of all of this
DNS load, I even took what seemed to me to be the drastic step of
removing my own server (ns1.monkeys.com) from the list of authoritative
nameservers for the proxies.relays.monkeys.com zone.  (You
can check this with dig, to verify that I did it right.)  I did that
more than 24 hours ago, and I did a name server reload at that time.
(The TTL on the zone is < 24 hours.)

So now, here is the big mystery:  As of this moment, my server, i.e.
ns1.monkeys.com, is *still* receiving several hundred queries against
the proxies.relays.monkeys.com zone PER SECOND.

Simple question:  Why?

This makes NO sense to me whatsoever.  Given the set of NS declarations
I have in place, it seems to me that ns1.monkeys.com should, at present,
be receiving *zero* queries (from the outside anyway) against the
proxies.relays.monkeys.com zone.  And yet here it is, still receiving
hundreds of queries per second against that zone.  I confess that I'm
utterly baffled.

I'm fundamentally fairly ignorant about both DNS and BIND, and I know it,
so please don't worry about hurting my feelings or anything.  I'm perfectly
willing to endure slings, arrows, insults, and whatever else anybody
might like to throw at me so long as I can get to the bottom of this
baffling problem.  Obviously, there is something fundamental and crucial
that I'm missing.  I hope that someone will take pity on me and clue me
in to what it might be.  Like I say, this is really killing the small
amount of bandwidth I have to play with.


More information about the bind-users mailing list