How to Disable DNS Recursion

Disabling DNS Recursion removes the server's ability to perform DNS lookups for domains that are not in its cache. With DNS Recursion enabled, remote computers can use the server as their own DNS server, which effectively makes it a public DNS server. This exposes the server to many security risks. To resolve this, check a checkbox in the DNS Server options, and configure the network cards and SmarterMail to use Private Network DNS Servers that perform any DNS lookups on the server's behalf.

Network Card Properties

For each network card (Public & Private), open Properties and then the TCP/IP properties. Ensure both DNS servers are set as follows:
  • Primary DNS Server: 8.8.8.8
  • Secondary DNS Server: 8.8.4.4

SmarterMail Configuration (if installed)

Log in as Admin. Go to Settings -> General Settings -> Server Info. Ensure both DNS servers are set as follows:
  • Primary DNS Server: 8.8.8.8
  • Secondary DNS Server: 8.8.4.4

DNS Server Properties

Open Start > Administrative Tools > DNS, and expand the Server node & the Forward Lookup Zones folder.
Right-click on the server name and choose Properties.
Click on the Advanced tab.
Check the Disable DNS Recursion checkbox.
Click Apply/OK.
Right-click on the server name and choose Clear Cache.
Right-click on the server name, go to All Tasks, and choose Restart.
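
To confirm the change from another machine, the added example below (not part of the original article) sends one query with the "recursion desired" bit set to a server you administer and classifies the reply by its header flags. The function names, the test name example.com and the sample reply headers are assumptions made for illustration. Reading a non-authoritative answer with the "recursion available" bit clear as data still held in the cache is also an assumption.

```python
import socket
import struct
import sys

QR, AA, RA = 0x8000, 0x0400, 0x0080  # header bits: response, authoritative, recursion available

def build_query(name, qid=0x1234):
    """Build an A-record query with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data, qid=0x1234):
    """Classify a reply to a query for a name the server is NOT authoritative for."""
    if len(data) < 12:
        return "invalid"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & QR:
        return "invalid"
    if flags & RA:
        return "recursion-available"   # server still advertises recursion
    if ancount and not flags & AA:
        return "cached-answer"         # RA clear, but held (likely cached) data was served
    return "recursion-disabled"        # referral, REFUSED or SERVFAIL with RA clear

def check_server(server_ip, name="example.com", timeout=3.0):
    """Send one UDP/53 query to a server you administer and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server_ip, 53))
        try:
            data, _ = sock.recvfrom(512)
        except OSError:                # timeout or ICMP-triggered socket error
            return "no-response"
    return classify_response(data)

# Constructed sample reply headers (id, flags, qd, an, ns, ar), not captured traffic.
SAMPLES = {
    "before change": struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0),
    "cache not cleared": struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 1, 0, 0),
    "after change": struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:              # optional: IP address of your own DNS server
        print(sys.argv[1], "->", check_server(sys.argv[1]))
    for label, reply in SAMPLES.items():
        print(label, "->", classify_response(reply))
```

Run it with the server's IP address as the only argument, from a host outside the server's own network, to see what remote clients see.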
