Sysadmins of the North
Share now!

Good Web Security News: Open DNS Resolvers Are Getting Closed

CloudFlare writes about closing open DNS resolvers. Open DNS resolvers are one of the sources of the biggest DDoS attacks.

Closing the open DNS resolvers

This has been a rough week in the security industry with big attacks and compromises reported at companies from Facebook to Apple. We’re therefore happy to end the week with some good news: the web’s open resolvers, one of the sources of the biggest DDoS attacks, are getting closed.


The problem stems from misconfigured DNS resolver software (e.g., BIND) that is setup to respond to a query from any IP address. Since DNS requests typically are sent over UDP, which, unlike TCP, does not require a handshake, an attacker can spoof a victim’s IP address as the source address in a packet and a misconfigured DNS resolver will happily bombard the victim with responses.

Read the full article on CloudFlare’s blog:

About the Author Jan Reilink

My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, WordPress, websites & optimization. Want to support me and donate? Use this link:

follow me on:

Thank you!

Leave a Comment:

Skip to content