Why does ActiveServers deny Recursive lookups?
If your current host has open DNS, you should first ask why. Then at least move your DNS.
Test domain here.
DDoS
attacks.
Name servers can be
used as distributed
denial of service (DDoS)
attack amplifiers
(the attacker sends
a small spoofed UDP
name service query
to an open name
server, forging the
victim's IP address;
the open name server
then returns a large
"answer" to the
forged IP
address--even though
the victim didn't
actually make the
DNS query in the
first place). If
this is done on an
ongoing basis with a
large number of open
name servers, it can
flood the victim's
IP address with
responses from
thousands (or tens
of thousands) of
name servers,
thereby exhausting
the victim's
available network
bandwidth.
Attacks of this sort
can result in multi-Gbps
flow volumes.
Cache
poisoning attacks.
Attackers can
generate spoofed
traffic to open
recursive DNS
servers that can
result in so-called
"cache poisoning"
attacks, whereby
vulnerable caching
name servers can be
made to return bogus
results for a user's
name service
queries.
The attacker "primes"
the caching name server
to respond to queries
with an IP address of
his/her choice, rather
than the real/normal IP
address for that site.
The innocent victim asks
the caching name server
for the IP address of a
site of interest, such
as the IP address of
their bank's website. If
the domain name of that
site happens to be one
that the attacker has
poisoned, the victim is
automatically and
transparently
misdirected to a website
of the attacker's choice
rather than to their
bank's real web page,
and confidential data
can then be stolen (some
refer to this type of
attack as "pharming").
A variant of this
attack uses cache
poisoning to redirect
queries for popular
sites (such as
google.com or
hotmail.com) to a site
that contains a virus or
other malware. If your
caching name server has
been poisoned, when you
try to visit one of
these popular sites you
can unknowingly be
redirected to another
site that stealthily
tries to infect your PC
with malware.
While blocking off
network recursive access
to the UO's name servers
won't completely
eliminate the
possibility of their
participating in such an
attack, eliminating
recursive access will
substantially reduce the
likelihood of their
being abused.
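A defender's check for the behaviour described above, as an added example that is not part of the original page: it builds a recursive query, classifies the reply as open or closed to recursion from the RA flag and response code, and reports the response-to-query size ratio that makes amplification possible. The function names and the constructed sample reply (192.0.2.1 is a documentation address) are assumptions made for illustration.

```python
import socket
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080   # header bits: response, recursion desired, recursion available
REFUSED, NXDOMAIN = 5, 3

def build_query(name, qid=0x1234):
    """A-record query for `name` with RD set, i.e. asking the server to recurse."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def classify(query, response):
    """Verdict for a reply to a query about a name the server is not authoritative for."""
    if len(response) < 12 or response[:2] != query[:2]:
        return "invalid"                      # truncated, or ID does not match our query
    flags, _qdcount, ancount = struct.unpack("!HHH", response[2:8])
    if not flags & QR:
        return "invalid"                      # not a response packet
    rcode = flags & 0x000F
    if rcode == REFUSED or not flags & RA:
        return "closed"                       # recursion denied to this client
    # RA is set: "open" if the server actually resolved the foreign name for us
    return "open" if ancount > 0 or rcode == NXDOMAIN else "recursion-advertised"

def amplification(query, response):
    """Response bytes returned per query byte sent."""
    return round(len(response) / len(query), 2)

def probe(server_ip, name, timeout=3.0):
    """Query a name server you operate, from a host outside its own network."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server_ip, 53))
        try:
            response, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no-reply"                 # dropped or filtered; not proof of either state
    return classify(query, response)

def sample_reply(query, flags, answers):
    """Constructed reply for offline use: echoed question plus `answers` A records."""
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return query[:2] + struct.pack("!HHHHH", flags, 1, answers, 0, 0) + query[12:] + rr * answers
```

A name server that holds only authoritative records should come back as "closed" for any name outside its own zones.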
Our DNS servers
that hold your vital
records are
completely closed or
deny recursive lookups
to the world. Whether your company
provides recursive DNS
solely for your
employees or for ISP
customers, increasing
the security, speed and
reliability of DNS
resolution keeps your
organization well ahead
of the competition. By
outsourcing
non-recursive DNS
functionality, or your
recursive DNS, you never
have to worry about
updating hardware or
software. You'll free up
even more time to focus
on core business
objectives.
Recursive DNS service
is a vital step in the
process of resolving DNS
queries. When your end
user sends an email or
makes any URL request,
your recursive DNS
server tracks down the
correct IP address –
effectively bringing the
user to the content.
(Naturally, the faster
and more reliably a
recursive server does
its job, the better
overall user experience
you can expect.)
You add an additional
layer of security by
outsourcing your
DNS services to an
expert DNS provider like
ActiveServers. That's because
we handle both recursive
and authoritative
services, separating and
insulating each to
ensure the safest
possible Internet
presence.
You probably haven't
thought about your
recursive DNS server
since you installed it.
But if you're looking
for effective and
inexpensive ways to
secure your Internet
presence while improving
site performance,
ActiveServers Recursive DNS is
an ideal choice.
Key Benefits of ActiveServers DNS:
Increased security
Increased reliability
Faster Internet connections
Reduced customer service costs
Decreased IT costs