Open Resolver

A recursive DNS resolver that accepts queries from any source IP on the internet, instead of restricting service to its operator's own users.

An open resolver is a recursive DNS server that answers queries from anyone, not just its operator's customers or internal users. Some are intentional (Cloudflare 1.1.1.1, Google 8.8.8.8, Quad9 9.9.9.9), but most are misconfigured home routers, cable modems, or hosting servers. The problem is that open resolvers are the abused infrastructure in DNS amplification DDoS attacks: attackers send small spoofed queries and the resolver reflects large answers at the victim. The Open Resolver Project and Shadowserver still track hundreds of thousands of unintentionally open resolvers; closing them is one of the standard hardening tasks for any DNS deployment.

Reference

RFC 5358 (BCP 140)

Related terms

DNS Amplification
Recursive Resolver
DNS Resolver

Referenced on

Complete Guide to DNS Attacks and DNS Security (Prevention, Testing & Mitigation)
DNS Amplification Attack Explained: How Open Resolvers Enable Massive DDoS
What Is an Open DNS Resolver? Why It's Dangerous and How to Fix It

Back to the full glossary

Reference

Related terms

See also

Referenced on