Solving DNS recursion in Windows Server


What is an 'Open DNS Resolver'?

An open DNS resolver is a DNS server that resolves recursive DNS queries from anybody on the internet.

Running an open (UDP) service is not wrong on its own. Unfortunately, hackers have also found this feature valuable for carrying out a particular type of DDoS attack called an "amplification attack". For further information, see: https://en.wikipedia.org/wiki/Denial-of-service_attack

Recommended action

We politely ask you to reconfigure your DNS server to only allow DNS queries from trusted sources or, if you don't actually use it, to disable the service entirely.

Solving DNS recursion in Windows Server

  • Once you are logged into the server you will need to open the 'DNS manager'.
  • Right-click on the preferred DNS server and select 'Properties'.
  • Next, select the 'Advanced' tab.
  • Check the 'Disable recursion' box under 'Server options' and click 'OK'.
  • The open DNS resolver on this DNS server is now disabled.

For Windows users, I suggest testing your domain using the following tool: http://www.intodns.com/

