Table of Contents

Open Domain Name System Resolver

An Open DNS Resolver is a DNS server that is configured to provide recursive DNS lookup services to any user on the internet.

DNS resolvers that allow requests from all IP addresses and are exposed to the internet can be vulnerable to attacks and may be used to conduct Denial of Service (DoS) attacks on behalf of malicious actors. This essentially turns your server into an unwitting facilitator for large-scale attacks. A common form of such an attack is the Distributed Denial of Service (DDoS) through a DNS amplification attack.

In this attack method, the attacker sends a DNS name lookup request to an open DNS server by spoofing (or faking) the source IP address of the DNS request. As a result, the response is not sent back to the computer that initiated the request but is directed to the victim.

The open DNS resolver, failing to verify the query IP address, forwards a large DNS cache file to the victim’s IP address. The attack persists as long as the attacker continues to send fake queries. This is termed “amplification” because the spoofed requests demand all available information about the requested DNS zone, resulting in a response that is 10 to 20 times larger in size. As a result, a significant amount of traffic is generated with minimal effort.

Checking for an Open Resolver:

You can perform a simple test from your command shell.

dig +short test.openresolver.com TXT @your-vps-ip-address

If it’s open, the response will show “open-resolver-detected.”

How to Close an Open DNS Resolver:

1. One method is to restrict incoming DNS queries using a firewall.

2. If you run an authoritative-only name server:

Open your DNS server’s main configuration file with a text editor (this example assumes you are using BIND).

vi /etc/named.conf

Add the following lines to disable recursion.


     allow-query-cache none;

     recursion no;


Then restart the name server:

/etc/init.d/named restart


Post Your Comment