IP RateLimit

2018-07-17 15:00:44
BrByte Software
BrByte

Any enterprise that runs an open recursive DNS server is vulnerable to the following common attacks:

Having the server abused by attackers and used as a tool for distributed denial of service (DDoS) attacks, which can have the following consequences:

  • The huge volume of forged DNS queries received, and especially the volume of answers sent to the victim, can consume considerable bandwidth;
  • Depending on the contract with the internet provider, the operator of an abused open DNS server can be held liable for the DDoS attacks caused to third parties.


BrbOS includes a powerful and lightweight ACL tool to filter client requests (https://brbos.brbyte.com/dns/acl-control). BrbOS also includes a DNS IP RateLimit, with which it is possible to:

  • Analyze which clients are generating a high volume of requests;
  • Limit the requests received by the DNS server;
  • Mitigate amplification attacks;
  • Avoid sharing;
  • Search by IP address;
  • Set a global limit of queries per second per IP address;
  • Queries that exceed the configured limit are discarded completely and receive no response (SERVFAIL or other);
  • The limit is applied before the cache lookup, so it is possible to mitigate amplification attacks.
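The behaviour in the list above (a global per-IP queries-per-second limit, silent discard above it, enforcement before the cache lookup, and per-client counters) can be sketched as follows. This is an added example, not BrbOS code: the class and function names, the fixed one-second window, the limit of 3 and the sample traffic are all assumptions made for illustration.

```python
import collections

class PerIpRateLimiter:
    """Fixed one-second window per client IP (hypothetical, not the BrbOS implementation)."""

    def __init__(self, limit_qps):
        self.limit_qps = limit_qps
        self.window = {}                       # ip -> (second, queries seen in that second)
        self.seen = collections.Counter()      # total queries per IP, for analysis
        self.dropped = collections.Counter()   # discarded queries per IP

    def allow(self, ip, now):
        self.seen[ip] += 1
        second = int(now)
        start, count = self.window.get(ip, (second, 0))
        if start != second:                    # a new second began: reset the counter
            start, count = second, 0
        count += 1
        self.window[ip] = (start, count)       # a real server would also expire idle entries
        if count > self.limit_qps:
            self.dropped[ip] += 1
            return False
        return True

    def top_clients(self, n=5):
        """Clients generating the most queries, highest first."""
        return self.seen.most_common(n)

def handle_query(limiter, cache, ip, qname, now):
    """Return the answer, or None when the query is discarded without any reply."""
    if not limiter.allow(ip, now):   # enforced before the cache is consulted
        return None                  # no SERVFAIL, no REFUSED: nothing goes back
    if qname in cache:
        return cache[qname]
    return "SERVFAIL"                # stand-in: this sketch does not recurse

def demo():
    limiter = PerIpRateLimiter(limit_qps=3)
    cache = {"example.com.": "192.0.2.10"}     # constructed cache entry
    # Constructed traffic: one source bursts 10 queries in second 100,
    # another sends 2 spaced queries, then the first sends 1 more in second 101.
    events = [("203.0.113.9", 100.0 + i * 0.01) for i in range(10)]
    events += [("198.51.100.7", 100.5), ("198.51.100.7", 101.2), ("203.0.113.9", 101.0)]
    events.sort(key=lambda e: e[1])
    results = [(ip, handle_query(limiter, cache, ip, "example.com.", t)) for ip, t in events]
    return limiter, results

if __name__ == "__main__":
    lim, res = demo()
    print(lim.top_clients(), dict(lim.dropped))
```

Because the over-limit branch returns before the cache lookup, a flood of queries for a cached name costs the server one counter update per packet and sends nothing toward the address in the source field.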
