Open Recursive DNS

What is DNS?

To find a Web site, e.g www.zen.co.uk, a computer needs to translate the domain name www.zen.co.uk into a series of numbers, called an IP address. This IP address can be used by a computer to find where a site is and how to send information to and from it.

To achieve this task, a computer sends the name www.zen.co.uk to an Internet server called a Domain Name Service (DNS). The DNS server's job is to translate the domain name, into the IP address. To do this the DNS server has a list of domain names and IP addresses so it can look them up and return the IP address to your device.

diagram depicting a computer sending a website to a server, then back to the computer and out to the internet

What is an Open Recursive DNS Server?

A recursive DNS server is a device which is able to translate domain names to IP addresses when told to do so much like a DNS. However if it does not have the right information, it will contact other DNS servers then pass the information on.

An Open Recursive DNS server will respond to anyone with this information. Anyone in the world can ask this server to translate the domain name to IP address and it will respond to them with the answer.

Why is it a problem?

It is possible for someone to send a request to the DNS server and make it look like it has come from someone else, so the response from the server can go to the wrong person.

This causes problems when people maliciously use this to attack remote networks. For example if 200 servers were responding at the same time, to the same connection, it could easily bring down a large company's Internet connection.

How do I know if I'm affected?

If we have identified that you are using a Recursive DNS Server. You should have had an email from us. In this email we will have provided you instructions on what this means and how to fix it.

How am I contributing to it?

If your Broadband service is responding to DNS requests, it means there is something at the end of your connection acting as an open recursive DNS Server. This means you might be included without your knowledge in an attack on another company’s network as described above.

In addition to affecting another networks, it would also degrade your connection to the extent where it could become slow or unstable.

How am I contributing to it?

There are several reasons why your line might respond like an open recursive DNS server;

You may have a virus. A virus may be responding to the DNS requests. If this is the case, running a virus scan using the latest virus definitions available on all devices on your network should find and remove the virus.
You may have a recursive DNS server running. If this is the case you will need to restrict the server to only reply to known sources or install software to protect against the server being exploited in this way. Unfortunately Zen cannot advise any further on this issue.
Your Broadband hardware may be responding. Some routers are set to respond to DNS requests by default. In most cases this function can be turned off by logging into the router and setting it to not respond to DNS requests. For more information on how to do this please contact the hardware manufacturer for advice.