Author: @Bill D’Alessandro
I was checking the traffic statistics on my network when something insane jumped out at me, something that I was sure must be an error:
Nearly 90% of the ENTIRE TRAFFIC on my network was going to or from Apple.com. Note that we are a fairly standard office environment; there is no reason we should have 761GB of traffic to ANYWHERE in just a few weeks' time.
This amount of traffic is too large even for OS upgrades, so my first thought was that one of our employees was downloading and/or streaming 4K movies from iTunes while at work. Let’s see if we can dig into the by-client bandwidth stats and find the culprit…
“Bills-iMac” … that’s me.
Wait…that’s MY MACHINE. My own iMac had downloaded 436GB from Apple.com. What the heck is going on? I opened up Activity Monitor on my machine to see if I could find the offending process (note: I had already fixed the issue before taking this screenshot, but the “mDNSResponder” process had nearly 600GB of traffic).
Before I reset the statistics, mDNSResponder was over 600GB (sorry I forgot to grab a pre-fix screenshot)
After lots of Googling and digging pages and pages deep into the Apple support forums, I finally found a single post suggesting that excessive DNS traffic can be caused by a misconfigured OpenDNS setup. This made me wonder whether ANY custom DNS server could cause the issue, and I remembered I had configured both my iMac and our router to use Google's free 8.8.8.8 DNS server. I won't get into why you might want to use 8.8.8.8 in this article, but here is a solid write-up.
It turns out that if you configure both your router (at the network level) AND your client (at the OS level) to use the same hard-coded DNS resolver, it creates a conflict that leads to massive and duplicative DNS traffic.
Which means that you may have this problem if you use any of the following public DNS resolvers:
Google — 8.8.8.8 / 8.8.4.4
OpenDNS — 208.67.222.222 / 208.67.220.220
Cloudflare DNS — 1.1.1.1
To fix the issue, configure custom DNS servers on EITHER the router OR the client, but not both. The best practice is to configure the DNS servers at the router level and let all the clients obtain DNS servers from the router via DHCP. If you hard-code the DNS server addresses in both places, get ready to consume all of your bandwidth with DNS queries.
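A quick check for the condition described above, added here as an example and not part of the original post: it parses the shape of `networksetup -getdnsservers` and `ipconfig getpacket` output (constructed samples offline, the live commands when run on a Mac; the `Wi-Fi` service and `en0` interface names are assumptions) and reports any resolver hard-coded on both the client and the router.

```python
import re
import shutil
import subprocess

# Constructed sample in the shape of `networksetup -getdnsservers Wi-Fi` output on a
# client where DNS was hard-coded in System Preferences (not real captured output).
SAMPLE_CLIENT_DNS = "8.8.8.8\n8.8.4.4\n"

# Constructed sample in the shape of `ipconfig getpacket en0` output, i.e. the DHCP
# lease the router handed out, with the same resolvers hard-coded on the router too.
SAMPLE_DHCP_PACKET = """op = BOOTREPLY
yiaddr = 192.168.1.23
router: {192.168.1.1}
domain_name_server: {8.8.8.8, 8.8.4.4}
"""

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def client_manual_dns(networksetup_output: str) -> list[str]:
    """Resolvers set manually on the client; [] when macOS reports none set."""
    return IPV4.findall(networksetup_output)

def dhcp_dns(getpacket_output: str) -> list[str]:
    """Resolvers the router advertises in the DHCP lease (domain_name_server option)."""
    for line in getpacket_output.splitlines():
        if line.startswith("domain_name_server:"):
            return IPV4.findall(line)
    return []

def duplicated_resolvers(networksetup_output: str, getpacket_output: str) -> list[str]:
    """Resolvers hard-coded on BOTH client and router: the setup behind the runaway traffic."""
    offered = set(dhcp_dns(getpacket_output))
    return [ip for ip in client_manual_dns(networksetup_output) if ip in offered]

def run(cmd: list[str]) -> str:
    return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout

if __name__ == "__main__":
    if shutil.which("networksetup") and shutil.which("ipconfig"):
        # Live check on a Mac; "Wi-Fi" and "en0" are assumptions, adjust to your interface.
        client_out = run(["networksetup", "-getdnsservers", "Wi-Fi"])
        dhcp_out = run(["ipconfig", "getpacket", "en0"])
    else:
        client_out, dhcp_out = SAMPLE_CLIENT_DNS, SAMPLE_DHCP_PACKET
    dupes = duplicated_resolvers(client_out, dhcp_out)
    if dupes:
        print("DNS hard-coded on both client and router:", ", ".join(dupes))
        print("Clear the client entries and let DHCP supply them: networksetup -setdnsservers Wi-Fi empty")
    else:
        print("No resolver is configured in both places")
```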
Hopefully this Medium post ranks well enough on Google that others can find it — clap if it helped you out!