by AdrenalinMd 4830 days ago
UDP doesn't require a handshake, hence is easy to spoof, unlike TCP, where a full-duplex connection must be established for a successful connection.
1 comment

Yes, that's my point. If we move to TCP we fix the issue. At the moment I can't see how closing open servers is a real fix.
Moving from UDP back to TCP on large packets is a mixed bag. TCP is slow, very slow. At one time DNS packets were limited to 512 bytes and had to use TCP for more data, but over time the number of UDP packets over 512 bytes increased greatly. Going back to the smaller packet size would impact a large number of users with longer load times, especially on wireless devices.

Closing open DNS servers isn't a real fix. The people who need to fix it are the least likely to have a clue there is a problem in the first place.
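The 512-byte UDP limit and the TCP fallback the last comment refers to are easiest to see in the wire format itself. The following is an added example, not code from anyone in this thread: it hand-builds a DNS query and a TXT response, has the server set the TC (truncated) flag when the response would not fit the client's UDP payload limit, and has the client inspect that flag to decide whether it must retry over TCP. The domain name and record contents are constructed sample data; the server simplification of returning only the question section when truncating is an assumption (real servers may include as many records as fit).

```python
# Added example (not part of the Hacker News thread): hand-built DNS messages
# showing the classic 512-byte UDP limit, the TC flag a server sets when a
# response will not fit, and the client-side decision to retry over TCP.
# The query name and TXT records below are constructed sample data.
import struct

UDP_PAYLOAD_LIMIT = 512   # RFC 1035 ceiling for DNS over UDP without EDNS0
HEADER_LEN = 12           # fixed DNS header size

FLAG_QR = 0x8000          # message is a response
FLAG_TC = 0x0200          # response was truncated; client should retry over TCP


def encode_name(name: str) -> bytes:
    """Encode 'example.com' as length-prefixed DNS labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(txid: int, qname: str) -> bytes:
    """Standard A/IN query with one question and no EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def build_response(query: bytes, txt_records: list, udp_limit: int = UDP_PAYLOAD_LIMIT) -> bytes:
    """Answer the query with TXT records; set TC and drop the answers if over udp_limit.

    udp_limit models what the client advertised: 512 for plain DNS, larger if the
    client sent an EDNS0 OPT record with a bigger buffer size.
    """
    (txid,) = struct.unpack("!H", query[:2])
    question = query[HEADER_LEN:]          # echo the question section verbatim
    answers = b""
    for text in txt_records:
        rdata = bytes([len(text)]) + text.encode("ascii")   # one <character-string>
        # name = compression pointer to offset 12 (the question name),
        # TYPE=TXT(16), CLASS=IN(1), TTL=300, RDLENGTH
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(rdata)) + rdata
    full = struct.pack("!HHHHHH", txid, FLAG_QR, 1, len(txt_records), 0, 0) + question + answers
    if len(full) <= udp_limit:
        return full
    # Does not fit: simplified server behaviour (assumption) returns only the
    # question with TC=1, which tells the client to re-ask over TCP.
    return struct.pack("!HHHHHH", txid, FLAG_QR | FLAG_TC, 1, 0, 0, 0) + question


def parse_flags(message: bytes) -> dict:
    """Pull the transaction id and the QR/TC bits out of a DNS header."""
    txid, flags = struct.unpack("!HH", message[:4])
    return {"txid": txid, "is_response": bool(flags & FLAG_QR), "truncated": bool(flags & FLAG_TC)}


def choose_transport(response: bytes) -> str:
    """Client decision: 'udp' if the UDP answer is complete, 'tcp' if it must retry."""
    return "tcp" if parse_flags(response)["truncated"] else "udp"


if __name__ == "__main__":
    q = build_query(0x1234, "example.com")
    small = build_response(q, ["hello"])
    big = build_response(q, ["x" * 200] * 5)                  # ~1 KB answer
    big_edns = build_response(q, ["x" * 200] * 5, udp_limit=4096)
    print("small answer:", len(small), "bytes ->", choose_transport(small))
    print("large answer, 512-byte limit:", len(big), "bytes ->", choose_transport(big))
    print("large answer, 4096-byte EDNS0 buffer:", len(big_edns), "bytes ->", choose_transport(big_edns))
```

Run as-is, the large response is cut back to a 29-byte truncated reply under the plain 512-byte limit and the client is pushed to TCP, while the same response fits unchanged when the client advertises a 4096-byte EDNS0 buffer. That second case is the trade-off the comment describes: bigger UDP answers avoid the TCP round trips, but they are also what makes a spoofed UDP query worth far more than it cost to send.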