Open DNS
The default configuration of many domain name servers (DNS) can leave you vulnerable to cache spoofing attacks and allow spammers to steal resources from your servers. To protect against these attacks, it is strongly recommended that any name server exposed to the Internet be configured to act non-recursively for all but trusted networks. These links can help you close recursive DNS and fix the problem.
Text from “Permitting recursion can allow spammers to steal name server resources”
Open DNS background
Permitting recursion can allow spammers to steal name server resources - www.securityfocus.com/archive/1/336958
DNS Cache Poisoning: The Next Generation - www.lurhq.com/dnscache.pdf
Open DNS — Bad Idea - www.netwidget.net/books/apress/dns/info/open.html
Close Open DNS
How to prevent DNS cache pollution - support.microsoft.com/default.aspx?scid=kb;en-us;241352
Check for Open DNS
Open Resolver Check Tool - dns.measurement-factory.com/cgi-bin/openresolvercheck.pl
DNS Flood Detector - www.adotout.com/dnsflood.html
DNS Report - www.dnsreport.com/
Secure DNS for end-users
You can switch to using name service providing by someone other than your ISP. This can make your browsing experience more secure, since these services can be designed to filter out malware and phishing, or apply the latest approaches to DNS security that your ISP might not have got round to. Try using namebench to see if they will be faster for you, too.
Google public DNS - code.google.com/speed/public-dns/
OpenDNS - www.opendns.com/
ScrubIT - www.scrubit.com/
DNS Advantage - www.dnsadvantage.com/
This work is licensed under a Creative Commons License. SPAM is a trademark of Hormel Foods.
Page last updated: 02-Jan-2010