[dsl]

Can you give an example of what 'trashy' is?

You could be an open resolver being used for reflection. You could be running DNSSEC and providing an amplification vector. You could be getting queries for another DNS server that used to have your IP. The possibilities are endless.

[zrail]

I'm running tinydns so it's definitely not DNSSEC or open resolving. The queries are for my domains, so it's not that they're questionable. The problem is that there are millions of them all from the same IP. So, it could be that it's some kind of attack, but I really don't know.

I'm planning on moving hosting over to Route53 at some point in the next few days, because the fact that I can't figure this out other than "turn off logging" tells me I probably shouldn't be running DNS servers.