Recommendation for Internet Access Providers in the defence against Open Resolvers (see BCP140)

The Council of Hungarian Internet Providers considers it is advisable to limit by default the forwarding of IP packets coming from the end users with source port 53. The Service Provider may discard this restriction upon the request of the customer.

This way one can restrict access to the huge number of open resolvers operated in the vast majority of the cases inadvertently by the end users on their devices that run for some reason a name server that has recursive queries enabled.

The recommended setup is very much like the restriction imposed on destination port 25, an important element in the fight against the spam sending robots. This similarity is important because one can use a well-known technique, there is no need to figure out new solutions. This way the restriction can be implemented immediately with minimal effort.