Hi unSpawn, thank you for the reply and please the information you requested
Which OS and update version? - Red Hat Enterprise Linux AS release 4 (Nahant Update 4)
Which ISC BIND version? - BIND 9.2.4
Does software get updated when updates are released? - No
Does it run any other (publicly accessible) services? - This was running an email server but we have decommissioned and supervises are down now
Does the machine get audited regularly? - No
Do login records (last, lastb) show anomalous logins? - Not that I have noticed
Do system or daemon logs show anomalous entries? - messages similar to below in message log are appearing
Oct 9 00:26:45 dn named: client 18.104.22.168#25345: no more recursive clients: quota reached
Does the file system show odd files or binaries? - No, not that I can see
Do these IP addresses show up in any logs or login records? - in the message log
What ports are involved? - 53
How random are these IP addresses? not sure
Edge router logging or iptables -j LOG rules (with the -m owner module?) or tcpdump or else netstat or lsof.
I have tried some of which you mentioned and failed to identify the cause. We were trouble shooting high bandwidth usage from ISP side using Wire Shark, then only that we found out about 90% of the traffic is related to above mentioned issue.
Thank you and Regards