Disable OpenDNS resolver on Windows Server Operating Systems

An open DNS resolver is a DNS server that responds to recursive DNS queries from any IP address on the internet. Open DNS resolvers are abused for conducting DDoS reflection/amplification attacks against third parties on a daily basis.

 

To overcome this problem, this article presents how to disable open DNS resolvers on Windows (and only allow resolving for specific IPs), by following the actions below.



  1. Disable the DNS Recursion on your server

 

  • Log in to your server and open the “DNS Manager”.



  • Right-click on the preferred DNS server and select “Properties”.

 

 

  • Select the “Advanced” tab and check the “Disable recursion” box in “Server options”.

 

 

  • Click “Apply” and “OK”.



  1. Block external DNS requests using a built-in Windows Firewall.

 

Because Windows DNS does not allow you to limit the addresses to which recursive DNS requests are answered, Microsoft recommends this solution.

 

  • Log in to your server and open the Windows Firewall with Advanced Security.

 

  • Select the “Inbound Rules”.

 

  • Select the “DNS rules (TCP and UDP)”, and add the following IP addresses in the “Remote IP address” column:

 

  • 127.0.0.1
  • Any public IP address assigned to your server.
  • Any internal IP address assigned to your server (if you are using an internal network).

 

  • opendns, dns, dns recursion, ddos
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Enable GUI on Ubuntu Server (18.04/20.04)

In this article, we take a look at how to install GUI on Ubuntu server 18.04 and 20.04. Because...

Enable GUI on Ubuntu Server (18.04/20.04)

In this article, we take a look at how to install GUI on Ubuntu server 18.04 and 20.04. Because...

Enable GUI on Ubuntu Server (18.04/20.04)

In this article, we take a look at how to install GUI on Ubuntu server 18.04 and 20.04. Because...

Upgrading/Downgrading Resources - Virtual Private Cloud

In this guide, you will learn how to upgrade or downgrade the resources on your Virtual Private...

CSF Installation for Linux

In this article you will learn how to install CSF (ConfigServer Security & Firewall) on your...