Open DNS

The default configuration of many domain name servers (DNS) can leave you vulnerable to cache spoofing attacks and allow spammers to steal resources from your servers. To protect against these attacks, it is strongly recommended that any name server exposed to the Internet be configured to act non-recursively for all but trusted networks. These links can help you close recursive DNS and fix the problem.

Text from “Permitting recursion can allow spammers to steal name server resources”

• Open DNS background
• Close Open DNS
• Check for Open DNS
• Secure DNS for end-users

Related

• Preventing Spam
• Securing Systems
• DNS Tools

Open DNS background

Permitting recursion can allow spammers to steal name server resources - www.securityfocus.com/archive/1/336958
DNS Cache Poisoning: The Next Generation - www.lurhq.com/dnscache.pdf
Open DNS — Bad Idea - www.netwidget.net/books/apress/dns/info/open.html

Close Open DNS

How to prevent DNS cache pollution - support.microsoft.com/default.aspx?scid=kb;en-us;241352

Check for Open DNS

Open Resolver Check Tool - dns.measurement-factory.com/cgi-bin/openresolvercheck.pl
DNS Flood Detector - www.adotout.com/dnsflood.html
DNS Report - www.dnsreport.com/

Secure DNS for end-users

You can switch to using name service providing by someone other than your ISP. This can make your browsing experience more secure, since these services can be designed to filter out malware and phishing, or apply the latest approaches to DNS security that your ISP might not have got round to. Try using namebench to see if they will be faster for you, too.

Google public DNS - code.google.com/speed/public-dns/
OpenDNS - www.opendns.com/
ScrubIT - www.scrubit.com/
DNS Advantage - www.dnsadvantage.com/