I received a ticket stating that one of my Linodes is running an Open DNS Resolver. What does this mean, and what should I do about it?
I received an Open Resolver Notification ticket, but I'm not sure how to fix this.
Receiving this ticket means that we have either detected or received a report that your Linode is recursively resolving DNS requests for the public internet.
The main issue here is that this type of configuration allows your Linode to be used in DNS amplification attacks, since anyone can use it to resolve recursive DNS queries. We recommend reading more about DNS amplification attacks at the following links:
- US-CERT Advisory on DNS Amplification attacks
- Cloudflare Learning Center - DNS Amplification DDoS Attack
- Imperva Learning Center - What is DNS Amplification
You can use a tool like nmap or dig, or a website like openresolver.com to check if your Linode is allowing recursive DNS lookups:
- Nmap: dns-recursion script
- CERT-BUND: How to check for DNS Open Resolvers with dig
- https://openresolver.com/
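As an added example (not part of the original answer), the POSIX shell script below shows how to turn the dig check into a repeatable test for a server you operate: it queries the server for a name it is not authoritative for and classifies the reply from the header `dig` prints. It assumes `dig` is installed; the three sample transcripts are constructed, not captured from a real host, so the classifier can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the original answer): decide whether a server answered
# as an open resolver, judging by the header that `dig` prints. An open resolver
# returns status NOERROR with the "ra" (recursion available) flag for a name it
# is not authoritative for; a locked-down BIND (recursion no / allow-query ACL)
# returns REFUSED, or NOERROR without "ra" for the zones it hosts itself.

# Constructed sample transcripts (not captured from a real host).
OPEN_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
example.com.        3600    IN  A   192.0.2.10'

CLOSED_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 54321
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

# Authoritative answer from a server with recursion disabled: NOERROR, but no "ra".
AUTH_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 777
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

# Read a dig transcript on stdin; print "open" when the reply carries both
# status NOERROR and the "ra" flag, "closed" otherwise.
classify_dig_output() {
    out=$(cat)
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    flags=$(printf '%s\n' "$out" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    case " $flags " in
        *" ra "*) has_ra=yes ;;
        *)        has_ra=no ;;
    esac
    if [ "$status" = "NOERROR" ] && [ "$has_ra" = "yes" ]; then
        echo open
    else
        echo closed
    fi
}

# Query a server you operate for a name it is not authoritative for and
# classify the reply. Usage: check_resolver <server-ip> [name]
check_resolver() {
    server=$1
    name=${2:-example.com}
    dig @"$server" "$name" A +tries=1 +time=3 | classify_dig_output
}

# Run against the first argument when invoked directly, e.g.
#   sh check_resolver.sh 203.0.113.5
if [ $# -ge 1 ]; then
    check_resolver "$1" "$2"
fi
```

Requiring both NOERROR and `ra` matters: a server that still hosts authoritative zones answers NOERROR for its own names even after recursion is turned off, and that reply must not be counted as an open resolver. Run the check after every change to `named.conf` and again after the restart, since a stale configuration is the usual reason a second notification arrives.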
To resolve this issue, you should disable DNS recursion or limit recursive lookups to trusted addresses only so that your server cannot be abused. For example, if you are running BIND 9 you can adjust your global named.conf file to contain the following options:

```
options {
    recursion no;
    additional-from-cache no;
    allow-query { none; };
};
```

This will disable recursive lookups. If you need to allow recursive lookups, you should configure ACLs for trusted addresses in your named.conf.options file like so, substituting the addresses as needed:

```
acl authorized {
    192.168.1.0/24;
    192.168.0.0/24;
    192.168.2.112/32;
    localhost;
};
```

Then, adjust your named.conf file to only allow queries from the addresses in your ACLs:

```
options {
    recursion yes;
    additional-from-cache no;
    allow-query { authorized; };
};
```
Finally, you should restart the BIND service to pull in the changes, e.g.:

```
sudo systemctl restart bind9
```