Every action on the Internet relies on the Domain Name System (DNS), which lists, tracks, and matches domain names to machine-readable IP addresses to make sure traffic gets where it's meant to go. Because it's such a basic part of the Internet, many organizations take it for granted—and that's made the world's 30 to 50 million DNS servers an increasingly popular cyber attack vector.
A recursive DNS server’s only function is to resolve user requests. It has no way of knowing whether the connection it enables is good or bad. At many enterprises, firewalls do not inspect traffic on the port that DNS servers use to listen for queries. Often, the default firewall configuration is to allow inbound DNS requests from the public Internet so that a DNS service can respond.
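The following is an added example, not part of the original article: a Python check that parses an `iptables-save`-style ruleset and flags INPUT rules that accept DNS (port 53, the standard DNS port) from any source address, which is the default-allow condition described above. The ruleset is a constructed sample, and the choice of iptables and all function names are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format (not taken from the article).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -s 10.20.0.0/16 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,53,443 -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
COMMIT
"""

def _covers_dns(port_spec):
    """True if a --dport/--dports value (comma list and/or lo:hi ranges) includes 53."""
    for part in port_spec.split(","):
        lo, sep, hi = part.partition(":")
        if not (lo or "0").isdigit() or not (hi or "0").isdigit():
            continue  # named service; iptables-save normally prints numbers
        low = int(lo or 0)
        high = int(hi) if hi else (65535 if sep else low)
        if low <= 53 <= high:
            return True
    return False

def _any_source(src):
    """True when the rule has no source match or matches every address."""
    return src is None or ipaddress.ip_network(src, strict=False).prefixlen == 0

def find_open_dns_rules(ruleset):
    """Return INPUT ACCEPT rules that name port 53 and admit it from any source."""
    findings = []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "INPUT"] or "!" in tok:
            continue  # negated matches need manual review and are skipped here
        opts = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        ports = opts.get("--dport") or opts.get("--dports") or opts.get("--destination-port")
        src = opts.get("-s") or opts.get("--source")
        if (opts.get("-j") == "ACCEPT" and opts.get("-p") in ("udp", "tcp")
                and ports and _covers_dns(ports) and _any_source(src)):
            findings.append(line)
    return findings

if __name__ == "__main__":
    print("\n".join(find_open_dns_rules(SAMPLE_RULES)))
```

Rules that accept all traffic without naming a port are not reported by this check and should be reviewed separately.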