
Interesting, not unexpected.

Posted Feb 18, 2008 12:03 UTC (Mon) by IkeTo (subscriber, #2122)
In reply to: Interesting, not unexpected. by niner
Parent article: DNS Inventor Warns of Next Big Threat (Dark Reading)

> what is the problem with open, recursive resolvers?

As far as I can understand, open recursive resolvers, or "open recursive name servers", are
DNS servers that are incorrectly configured to answer DNS requests recursively for the public.
(Normally there are two types of DNS servers: authoritative ones which answer queries using
their own information to the public and never initiate queries themselves, and caching (or
recursive) ones which answer queries from only a limited (read: trusted) set of computers and
will "recurse", i.e., initiate queries to find answers to queries that they don't know how to
answer themselves.)

The two properties that don't mix are (1) public and (2) initiate requests to get others'
information.  With both of them, an intruder can make a request to that open recursive
resolver, hoping that it will not know the answer right away and thus would initiate a
request, and fake a reply to that anticipated request.  (The DNS mechanisms to disambiguate
different replies from requests are not meant to be secure and thus not strong enough to deter
intruders.)  This causes the cache of the resolver to be "poisoned", i.e., hold information
that is faked and decided by the intruder.  E.g., from then on mail.google.com might be
pointing to their servers instead of yours.

Such incorrectly configured servers are always a problem for the users of these servers.  As
others noticed, if they instead fake entries to point to a web site, that site will suddenly
receive a huge load of traffic.  So they are a problem for those running a server.

But they can be problems for others if intruders can cause somebody to "become" a user of that
server.  E.g., if a worm somehow causes your /etc/resolver.conf to be overwritten and point to
such a misconfigured DNS server, then you become a user.  Admittedly this requires that the
intruder already has access to your computer, but this can provide an easy back-door.

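To make the reply matching the comment refers to concrete, here is an added Python sketch (not from the comment or from LWN) of the resolver-side check that an incoming reply must match an outstanding upstream query on transaction ID, question section, upstream address and the port the query left from; the random source port is an assumed hardening on top of the 16-bit ID the comment calls weak.

```python
import secrets
import struct

A_RECORD = 1  # QTYPE for an IPv4 address record

def encode_name(name):
    """Encode "mail.google.com." as DNS wire-format labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def decode_name(pkt, off):
    """Decode uncompressed labels at pkt[off]; returns (name, offset after them)."""
    labels = []
    while pkt[off] != 0:
        n = pkt[off]
        labels.append(pkt[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels) + ".", off + 1

def build_message(txid, qname, qtype, is_reply):
    """12-byte header plus one question; replies carry QR=1, RD=1, RA=1."""
    flags = 0x8180 if is_reply else 0x0100
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

class PendingQueries:
    """Outstanding upstream queries keyed by (server address, our source port)."""
    def __init__(self):
        self.pending = {}

    def send_query(self, qname, qtype, server):
        txid = secrets.randbelow(1 << 16)               # 16-bit ID: weak on its own
        sport = 1024 + secrets.randbelow(65536 - 1024)  # random port adds ~16 bits
        self.pending[(server, sport)] = (txid, qname.lower(), qtype)
        return build_message(txid, qname, qtype, False), sport

    def accept_reply(self, pkt, src, dst_port):
        """True only if the reply matches a pending query on all checked fields."""
        key = (src, dst_port)
        if key not in self.pending or len(pkt) < 12:
            return False
        txid, flags, qdcount = struct.unpack("!HHH", pkt[:6])
        if not (flags & 0x8000) or qdcount != 1:
            return False
        name, off = decode_name(pkt, 12)
        qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
        if (txid, name.lower(), qtype, qclass) != self.pending[key] + (1,):
            return False
        del self.pending[key]  # first valid reply wins; any later copy is ignored
        return True
```

A reply that fails any one of the checks is dropped without touching the cache, which is the whole point: the fewer fields an outsider can predict, the less a blindly faked reply can do.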

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds