Unrecognized Top Client

Hey guys, I have a client in my top clients that I don't recognize. Is there a way to have them blocked from using this? As of right now I am using a droplet from Digital Ocean, so it is out there on the web.

Stop this! You really don't want to be doing this, unless you're 100% certain you know exactly what you're doing, and how to safeguard it. And even then, don't do it.

Set it up as an OpenVPN server instead. You can follow our very detailed guide from the wiki here:

http://openresolver.com/

I run a similar setup, and had similar unidentified clients using the DNS resolver.

Solution was to enable UFW (or iptables, YMMV), whitelist all IP ranges you own/use, and deny all other requests to port 53.

I would use MAC addresses to filter on top as well, just to be sure (though they can be spoofed, they are hard to guess).

Most often, users do not have a fixed IP address (well, at least no fixed IPv4 address), so filtering by address range might not be such a good idea. I can only recommend using a VPN instead and only routing the DNS information (let normal traffic bypass the VPN). We have an extensive Wiki on this:

P.S.: When you run an open resolver, it is only a matter of time until somebody finds you and makes a note in his list that you are a suitable candidate for a DNS amplification attack. They may even hammer your system with thousands of requests just to monitor the performance of your system. If they manage to send/receive several thousand requests within a short amount of time, they are very lucky to have found you...

I agree, a VPN is way more secure and convenient/easy to use and administer.
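
The port 53 allowlist suggested in the UFW reply above, sketched as an added example (it is not part of any post in this thread). The ranges are constructed documentation prefixes and the function names are hypothetical; the script only prints the `ufw` commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: build the UFW rules for a resolver that should answer only
# known networks. Dry run: prints the commands instead of executing them.

# Constructed sample ranges (RFC 5737 / RFC 3849 documentation prefixes).
# Replace with the networks you actually own or use.
ALLOWED_RANGES="203.0.113.0/24 198.51.100.17 2001:db8:1234::/48"

# Loose sanity check so a typo or stray character never reaches a rule.
is_valid_range() {
  case "$1" in
    *[!0-9a-fA-F:./]*|"") return 1 ;;  # only address characters allowed
    *.*.*.*|*:*) return 0 ;;            # looks like IPv4 or IPv6
    *) return 1 ;;
  esac
}

# UFW stops at the first matching rule, so every allow must be added
# before the catch-all deny on port 53. DNS uses both UDP and TCP.
# IPv6 rules only take effect with IPV6=yes in /etc/default/ufw.
dns_allowlist_rules() {
  for range in "$@"; do
    if ! is_valid_range "$range"; then
      echo "skipping invalid range: $range" >&2
      continue
    fi
    echo "ufw allow from $range to any port 53 proto udp"
    echo "ufw allow from $range to any port 53 proto tcp"
  done
  # Emitted even if every range was rejected, so the result fails closed.
  echo "ufw deny 53/udp"
  echo "ufw deny 53/tcp"
}

# Review the output, then apply it with: sh thisscript.sh | sudo sh
dns_allowlist_rules $ALLOWED_RANGES
```

On a host where UFW is not yet enabled, allow your SSH port before running `ufw enable`, otherwise the default deny policy for incoming traffic cuts off the session you administer the droplet from.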