An open DNS resolver is a DNS server that answers recursive DNS queries from any IP address on the internet. Left like that, it will sooner or later be abused as an amplifier in denial-of-service attacks against third parties. This article shows how to stop a Windows DNS server from being an open resolver, either by restricting who can reach it with the firewall or by turning recursion off.
The attack, DNS amplification, is simple. Because your server performs recursive lookups for anyone who asks, an attacker can send it a small query whose reply is many times larger than the request. They send that query with the source address spoofed to the victim's IP address, so the large reply is delivered to the victim instead of back to the attacker. They then repeat this as fast as they can against your server and every other open resolver they can find. In this way someone with a small pipe can "amplify" a denial of service attack by directing a far larger volume of traffic at their victim, and it is your server's bandwidth that is consumed doing it.
Restricting DNS queries with the Windows firewall
The approach Microsoft recommends is to use a firewall, such as the built-in Windows Firewall, to block DNS queries from addresses outside your own network. The reason is that the classic Windows DNS Server settings offer no allow list of client addresses for which recursion is performed: recursion is either on for everyone who can reach port 53, or off. (Windows Server 2016 and later can limit recursion per client subnet with DNS policies and recursion scopes, but the firewall approach works on every version.) Two caveats before you start: the restriction only takes effect if the firewall is actually enabled on the active network profile, and if the server is authoritative for public zones, blocking port 53 from the internet will also stop it answering for those zones; in that case disable recursion instead, as described in the next section.
Once you are logged into the server, open 'Windows Firewall with Advanced Security' (wf.msc) and select 'Inbound Rules'.
Find the inbound DNS rules that the DNS Server role created, one for TCP port 53 and one for UDP port 53, open the properties of each, and on the 'Scope' tab under 'Remote IP address' choose 'These IP addresses'. Add only the addresses that should still be allowed to query the server:
- Any public IP addresses assigned to your VPS (so services running on the server itself can still resolve names)
- Any internal IP addresses or subnets that your VPS uses (if you are using an internal network), plus any other hosts that legitimately rely on this server for name resolution
Finally, check that no other enabled inbound rule still opens port 53 to 'Any'; Windows Firewall allow rules are additive, so a broader rule would still let the traffic in.
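The same firewall change from PowerShell, as an added example that is not part of the original article. It assumes the DNS Server role created the built-in inbound rules in the "DNS Service" display group, and uses 203.0.113.10 as the VPS's public address and 10.0.0.0/24 as its internal network; replace both with your own values.

```powershell
# Added example: scope the inbound DNS firewall rules to an allow list.
# Assumptions: elevated PowerShell on the DNS server; the DNS Server role's
# inbound rules live in the 'DNS Service' display group; the addresses below
# are placeholders for this VPS's public IP and its internal network.

$AllowedClients = @(
    '203.0.113.10',   # this VPS's public IP, so local services can still resolve names
    '10.0.0.0/24'     # internal network that should still be allowed to query
)

# 1. A rule scope is only enforced if the firewall is enabled on the active
#    profile(s). A disabled profile silently ignores every rule, so check first.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# 2. Find the enabled inbound DNS rules (TCP and UDP port 53) created by the role.
$dnsRules = Get-NetFirewallRule -DisplayGroup 'DNS Service' -Direction Inbound -Enabled True
if (-not $dnsRules) {
    throw "No enabled inbound 'DNS Service' rules found; is the DNS Server role installed?"
}

# 3. Replace the remote address scope ('Any' by default) with the allow list.
#    -RemoteAddress overwrites the existing list; it does not append to it.
$dnsRules | Set-NetFirewallRule -RemoteAddress $AllowedClients

# 4. Verify: list every enabled inbound rule that opens local port 53 together
#    with its remote scope. Any rule still showing 'Any' undoes the restriction.
Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort -eq 53 } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            RemoteAddress = ($addr.RemoteAddress -join ', ')
        }
    } | Format-Table -AutoSize
```

Step 4 is the check to keep: a third-party installer or an earlier admin may have added its own "allow port 53" rule, and because allow rules are additive, one such rule with a remote scope of 'Any' leaves the resolver just as open as before.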
How to Disable Recursion on a Windows DNS Server
- Once you are logged into the server, open 'DNS Manager' (dnsmgmt.msc)
- Right-click the DNS server's name in the left pane and select 'Properties'
- Select the 'Advanced' tab
- Check 'Disable recursion (also disables forwarders)' under 'Server options' and click 'OK'
- The server no longer acts as an open resolver: it answers only for the zones it hosts and will not look up other names on behalf of any client, including your own machines, and any configured forwarders are no longer used. Use this option only when the server is meant to be authoritative-only; if internal clients rely on it for general name resolution, restrict access with the firewall instead.
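The same change from PowerShell, with a check that the server really has stopped resolving on behalf of clients, as an added example that is not part of the original article. It assumes an elevated session on the DNS server, that 203.0.113.10 is the server's public address, and that example.com is a name the server is not authoritative for; replace these with your own values.

```powershell
# Added example: disable recursion on the DNS Server service and verify it.
# Assumptions: elevated PowerShell on the DNS server; 203.0.113.10 is a
# placeholder for the server's address; 'example.com' is a name outside the
# zones this server hosts.

# 1. Record the current state. Enable = True means the server will recurse
#    for any client whose query reaches it.
Get-DnsServerRecursion | Select-Object Enable, AdditionalTimeout, RetryInterval

# 2. Turn recursion off. This is the same switch as the 'Disable recursion
#    (also disables forwarders)' box in DNS Manager: forwarders stop being
#    used and the server answers only for zones it hosts.
Set-DnsServerRecursion -Enable $false

# 3. Verification helper: ask the server for a name it is not authoritative
#    for. An open resolver returns an answer; a closed one refuses or fails.
function Test-OpenResolver {
    param(
        [string]$Server = '203.0.113.10',
        [string]$Name   = 'example.com'
    )
    try {
        # -DnsOnly bypasses the local cache and hosts file so the answer, if
        # any, can only have come from $Server.
        $r = Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop
        if ($r) {
            return "OPEN: $Server resolved $Name to $($r.IPAddress -join ', ')"
        }
        return "CLOSED: $Server returned no answer for $Name"
    } catch {
        return "CLOSED: $Server refused or failed the query for $Name ($($_.Exception.Message))"
    }
}

Test-OpenResolver
```

Run Test-OpenResolver from a machine on the internet as well as from the server itself: a test from the server only proves the recursion setting, while a test from outside also exercises any firewall scope you have applied, which is the vantage point an attacker has.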