Posted by: mahinctg | April 8, 2009

Open DNS Server

An open DNS server is a DNS server which is willing to resolve recursive DNS lookups for anyone on the Internet. This is similar to the better known “open relay” term used about mail servers which will forward e-mails (including spam and viruses) for anyone.

When a DNS server resolves a recursive DNS lookup, it tracks down information about a domain name hosted on some other DNS server somewhere else on the Internet (a recursive process involving several other DNS servers). This DNS server feature is one of the cornerstones of the whole Internet idea and is relied upon by all Internet client applications such as browsers and e-mail clients.

Unfortunately, hackers have also found this feature useful in performing a special type of DDoS attack called a “DNS Amplification Attack”.
#### Ref From http://www.simpledns.com/kb.aspx?kbid=1186 ####

If you are using BIND for your DNS server, you can easily stop your server from doing recursive lookups for IPs that don't belong to your network. Add this to the options section of your named.conf file:

allow-recursion { 127.0.0.1; xxx.xxx.xxx.xxx; xxx.xxx.xxx.xxx;};

where each xxx.xxx.xxx.xxx is an IP address that your server should answer recursive lookups for.

So the full options section might look like this:

options {
    directory "/var/named";
    allow-recursion { 127.0.0.1; xxx.xxx.xxx.xxx; xxx.xxx.xxx.xxx; };
};
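
To confirm that the allow-recursion change took effect, send one recursive query to your own server from a host that is not in the list and read the flags in the reply header. The script below is an added example, not part of the original post or the referenced article; its function names and the sample reply headers are constructed for illustration, and 192.0.2.53 is a placeholder address.

```python
import socket
import struct
import sys

QID = 0x1234  # arbitrary query ID chosen for this example

def build_query(name, qid=QID):
    """Build a DNS A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def classify(reply, qid=QID):
    """Read the 12-byte DNS header and report how the server treated us."""
    if len(reply) < 12:
        return "invalid"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != qid or not flags & 0x8000:      # wrong ID, or QR bit clear
        return "invalid"
    if flags & 0x000F == 5:                   # RCODE 5 = REFUSED
        return "refused"
    if flags & 0x0080:                        # RA: recursion available
        return "recursion-offered"
    return "no-recursion"

def probe(server, name="example.com", timeout=3.0):
    """Send one recursive query over UDP to port 53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "no-reply"
    return classify(data)

# Constructed reply headers for offline checking, not captured traffic.
SAMPLE_OPEN = struct.pack("!HHHHHH", QID, 0x8180, 1, 1, 0, 0)     # QR RD RA, NOERROR
SAMPLE_REFUSED = struct.pack("!HHHHHH", QID, 0x8105, 1, 0, 0, 0)  # QR RD, REFUSED

if __name__ == "__main__":
    # Usage: python check_recursion.py <your server IP>, e.g. 192.0.2.53 (placeholder)
    print(probe(sys.argv[1]) if len(sys.argv) > 1 else classify(SAMPLE_OPEN))
```

From an address outside the allow-recursion list, "refused" or "no-recursion" is the result you want; "recursion-offered" means the server still resolves for that address.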


Responses

  1. This is very useful info. Thanks for writing.

