Check your resolver folks.
Don't just base your look-ups on one provider, run your own resolver as well.
Looking at you Google DNS :-)
I fell in to that trap, but wised up.
O.K. Looks like I also can't read a T.O.S.:
Found here https://developers.google.com/speed/public-dns/docs/security#rate_limit
Further discussion here: https://www.reddit.com/r/networking/comments/4aufui/problems_using_googles_dns_servers_today/
Make sure your queries for the Google public DNS service are below the rate limit or they will:
- Drop DNS queries from your client IP (alternatively switch to TCP answers).
- Outright block you for a day (see above limitation).
- Shared in post by Redditor medster10:
"We are currently applying mitigations to limit the impact of this blocking on users who are not actively part of any Denial of Service attack (even unwittingly) but merely have high levels of query activity."
Thanks to https://www.reddit.com/user/medster10
for sharing the email info and links.
Also, thanks to Digital Ocean for the default setups using Google public DNS and being the canary in the proverbial canary in the coal mine.