How to close an open DNS resolver

The DNS server that we created in the previous tutorial is an open DNS resolver. An open resolver does not filter incoming requests and accepts queries from any source IP address. Unfortunately, this makes an open resolver an easy target for attackers. For example, attackers can launch a Denial of Service (DoS) or, even worse, a Distributed Denial of Service (DDoS) attack on the open DNS server. These attacks can also be combined with IP spoofing, where all the reply packets are directed to a victim’s spoofed IP address.
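
An added example (not part of the original tutorial): a Python check, meant to be run from a host outside your permitted client range against your own server, that classifies the reply to a recursive query as coming from an open or a closed resolver. The function names, the example.com query name and the sample replies are constructed for illustration, and the classification rules are a heuristic based on the RA flag and the response code.

```python
import socket
import struct

RCODE_NOERROR, RCODE_NXDOMAIN, RCODE_REFUSED = 0, 3, 5

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build an A-record query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(query: bytes, response: bytes) -> str:
    """Classify the reply to a recursive query sent from a non-client address."""
    if len(response) < 12:
        return "malformed"
    txid, flags = struct.unpack("!HH", response[:4])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "malformed"          # wrong transaction ID or QR bit not set
    rcode = flags & 0x000F
    if rcode == RCODE_REFUSED or not flags & 0x0080:
        return "closed"             # refused, or RA (recursion available) is clear
    if rcode in (RCODE_NOERROR, RCODE_NXDOMAIN):
        return "open"               # recursion was offered and carried out
    return "inconclusive"           # e.g. SERVFAIL: retest with another name

def probe(server: str, name: str = "example.com", timeout: float = 3.0) -> str:
    """Send one query over UDP to your own server and classify the reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, 53))
            response, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "no-response"    # query dropped or filtered on the path
    return classify_response(query, response)

# Constructed sample replies: header plus echoed question, answer records omitted.
QUERY = build_query("example.com")

def sample_reply(flags: int, ancount: int) -> bytes:
    return QUERY[:2] + struct.pack("!HHHHH", flags, 1, ancount, 0, 0) + QUERY[12:]

OPEN_REPLY = sample_reply(0x8180, 1)      # QR|RD|RA, NOERROR, one answer
REFUSED_REPLY = sample_reply(0x8105, 0)   # QR|RD, REFUSED
NO_RA_REPLY = sample_reply(0x8100, 0)     # QR|RD, RA clear (no recursion offered)
```

A result of "open" from an address that should not be a client means the resolver still answers recursive queries for anyone; "closed" or "no-response" is the expected outcome once access is restricted.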