Skip to main content

Solving open resolver

The open resolver is a DNS resolver, which receives queries from every IP-address and is openly accessible on the internet. Open resolvers can be used by cybercriminals for DNS reinforcement attacks against 3rd parties, are sensitive to DNS-cache-poisoning, and can be exploited in the case of other DNS attacks.

For verifying DNS servers, we recommend the open resolver test page.

The easiest way to remedy the open resolver problem is to reduce the addresses on which the server can perform recursive queries to local sub-networks. The steps of the exact project vary based on which kind of DNS server we are using.

For more details, we suggest viewing the description of trasnip or the infoblox's related blog entry.