Disable Recursion for DNS


SoftLayer DNS servers perform recursion by default. Recursion allows your DNS server to contact other DNS servers to assist in resolving domain names when it cannot resolve the domain itself. While recursion can prove to be a useful tool when it is necessary, it also opens the DNS server to attack, which could take down the DNS server altogether. Recursion is generally only necessary when there is a known need for it; administrators will generally identify that need and act accordingly. If recursion is not a known need for your DNS server, it is best to disable recursion. Follow the steps below based on your operating system or control panel to disable DNS recursion.

Disable Recursion in Plesk

  1. Log into the Plesk Admin Panel.
  2. Select Tools and Settings.
  3. Click DNS Template Settings from the section.
  4. Select Localnets from the DNS Recursion section.
  5. Click the OK button.

Disable Recursion in Windows Server 2003 and 2008

  1. Access the DNS Manager from the Start menu:
    • Click the Start button.
    • Select Administrative Tools.
    • Select DNS.
  2. Right-click on the desired DNS Server in the Console Tree.
  3. Select the Properties tab.
  4. Click the Advanced button in the Server Options section.
  5. Select the Disable Recursion checkbox.
  6. Click the OK button.

Disable Recursion in Linux

  1. Locate the BIND configuration file within the operating system. The BIND configuration file is usually located in one of the following paths:
    • /etc/bind/named.conf
    • /etc/named.conf
  2. Open the named.conf file in your preferred editor.
  3. Add the following details to the Options section:
    allow-transfer {"none";};
    allow-recursion {"none";};
    recursion no;
  4. Restart the device.
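
To confirm the change took effect on any of the platforms above, the following added example (not part of the original article) sends a query with the recursion-desired bit set and reports whether the server's reply still advertises recursion. The query name example.com, the function names and the constructed sample headers are assumptions for illustration; run it from a host outside the server's local networks, since the Plesk Localnets setting still allows recursion for local clients.

```python
import socket
import struct
import sys

QR_BIT = 0x8000  # set in responses
RD_BIT = 0x0100  # "recursion desired", set by the client
RA_BIT = 0x0080  # "recursion available", set by a server that will recurse


def build_query(name, qid=0x1234):
    """Build a DNS A/IN query with the RD bit set."""
    header = struct.pack("!HHHHHH", qid, RD_BIT, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def recursion_offered(response):
    """Return True if the reply advertises recursion (RA bit set)."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    flags = struct.unpack("!H", response[2:4])[0]
    if not flags & QR_BIT:
        raise ValueError("not a DNS response (QR bit clear)")
    return bool(flags & RA_BIT)


def check_server(server, name="example.com", timeout=3.0):
    """Ask `server` for a name it is not authoritative for.
    True means recursion is still enabled for this client."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(512)
    return recursion_offered(data)


# Constructed sample headers for offline use (not captured traffic).
SAMPLE_OPEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)    # QR+RD+RA, NOERROR
SAMPLE_CLOSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)  # QR+RD, REFUSED

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print("recursion offered:", check_server(sys.argv[1]))
    else:
        print("open sample:", recursion_offered(SAMPLE_OPEN))
        print("closed sample:", recursion_offered(SAMPLE_CLOSED))
```

Pass the server's address as the only argument to test a live server; with no argument the script evaluates the two constructed headers.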