after collecting a lot of data from my firewall i wonder about the "structure" of the data in my network.
What i found out in the past - there's more than 50 % of the overall traffic caused by DNS.
My sonicwall is showing me 62.5%.
My question - i understand that i should "half" this a there's a client requesting my internal server and this is forwaring external requests so many packets may be double in the log.
But do others have the same amount of DNS packets compared to the "rest"?
Of course i checked the config many times. I have two internal DNS server and the sonicwall configured as DNS proxy. I can not see obvious configuration misstakes.
What is your network giving back? How many DNS compared to the rest of the traffic do you have and is more than 50% a usual thing?