Open DNS
The default configuration of many domain name servers (DNS) can leave you vulnerable to cache spoofing attacks and allow spammers to steal resources from your servers. To protect against these attacks, it is strongly recommended that any name server exposed to the Internet be configured to act non-recursively for all but trusted networks. These links can help you close recursive DNS and fix the problem.
Text from “Permitting recursion can allow spammers to steal name server resources”
Open DNS background
Permitting recursion can allow spammers to steal name server resources - www.securityfocus.com/archive/1/336958
DNS Cache Poisoning: The Next Generation - www.lurhq.com/dnscache.pdf
Open DNS — Bad Idea - www.netwidget.net/books/apress/dns/info/open.html
Close Open DNS
How to prevent DNS cache pollution - support.microsoft.com/default.aspx?scid=kb;en-us;241352
Fixing Open DNS Servers - www.dnsstuff.com/info/opendns.htm
Check for Open DNS
Open Resolver Check Tool - dns.measurement-factory.com/cgi-bin/openresolvercheck.pl
DNS Flood Detector - www.adotout.com/dnsflood.html
DNS Report - www.dnsreport.com/
This work is licensed under a Creative Commons License. SPAM is a trademark of Hormel Foods.
Page last updated: 04-Jul-2007