An open resolver is a category of DDoS attack infrastructure, a misconfigured DNS server that answers recursive queries from any client on the internet, and the amplification it enables is a vector a DDoS test should exercise. An attacker sends a small spoofed query to the resolver carrying the victim's source IP; the resolver returns a much larger response to the victim. With tens of thousands of open resolvers reachable, the aggregate is a high-bandwidth flood.
Why it matters in DDoS testing
Open resolvers are the classic engine of DNS amplification, turning a modest uplink into hundreds of gigabits at the target. Operators close them by restricting recursion to known clients and deploying response-rate limiting, but the population on the public internet never fully disappears. A test validates how the origin's capacity and scrubbing react to reflected DNS volume rather than direct attacker traffic.
For where amplification sits among the broader attack classes, see Understanding DDoS Attack Vectors.