In this knowledge base article, we'll walk you through disabling DNS recursion and deleting root hints on a Windows server.
1. Log in to your VPS/Dedicated server through Remote Desktop.
2. Go to Start >> Administrative Tools >> DNS. This will launch the DNS Manager console.
3. In the DNS Manager window, select the server name and right-click on it. Select the Properties option.
4. On the next screen, select the Advanced tab and make sure that the Disable recursion (also disables forwarders) option is checked. Click Apply and then OK.
5. In the same window, select the Root Hints tab. If you see any FQDN entry in the Name servers box, select it and delete it by clicking the Remove button. Make sure that you remove each and every FQDN entry. Once the Name servers box is empty, click Apply and then OK.
6. Once DNS recursion is disabled and the root hints are deleted, restart the DNS server for the changes to take effect. To do so, select the server name and go to All Tasks >> Restart. This will restart the DNS server.
Adding a . Forward Zone
1. Select the server name and right-click on it. Select the New Zone option.
2. In the New Zone Wizard, click the Next button.
3. Keep all options as they are, and click the Next button.
4. Keep all options as they are, and click the Next button.
5. Specify . in the Zone name box, and click the Next button.
6. Keep all options as they are, and click the Next button.
7. Keep all options as they are, and click the Next button.
8. Click the Finish button to complete the wizard.
That's it, your server is now safe from DNS amplification attacks.
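To confirm the result of the steps above without clicking through each tab again, the following read-only PowerShell audit can be run in an elevated session on the DNS server. It is an added example, not part of the original article; the function name Test-DnsHardening is hypothetical, and the final lookup assumes the server does not itself host a zone for example.com.

```powershell
# Added example: read-only audit of the settings changed in this article.
# Requires the DnsServer module (installed with the DNS Server role) and an
# elevated PowerShell session on the DNS server itself.
Import-Module DnsServer

function Test-DnsHardening {   # hypothetical helper name
    # Advanced tab: "Disable recursion (also disables forwarders)"
    $recursion = Get-DnsServerRecursion

    # Root Hints tab: the Name servers box should be empty
    $rootHints = @(Get-DnsServerRootHint -ErrorAction SilentlyContinue)

    # New Zone Wizard: a forward zone named "." should exist
    $rootZone = Get-DnsServerZone -Name '.' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        RecursionDisabled = -not $recursion.Enable
        RootHintCount     = $rootHints.Count
        RootZonePresent   = [bool]$rootZone
    }
}

$state = Test-DnsHardening
$state | Format-List

if (-not $state.RecursionDisabled) { Write-Warning 'Recursion is still enabled.' }
if ($state.RootHintCount -gt 0)    { Write-Warning "$($state.RootHintCount) root hint(s) remain." }
if (-not $state.RootZonePresent)   { Write-Warning 'No "." forward zone found.' }

# Behavioural check: ask the local server for a name it does not host.
# Assumption: this server is not authoritative for example.com.
$answer = Resolve-DnsName -Name 'example.com' -Type A -Server 127.0.0.1 `
              -DnsOnly -ErrorAction SilentlyContinue |
          Where-Object { $_.Section -eq 'Answer' }

if ($answer) {
    Write-Warning 'Server returned an answer for a zone it does not host.'
} else {
    Write-Output 'No answer returned for an external name, as expected.'
}
```

Run the audit again after the DNS service restart in step 6, since the settings take effect only once the service has restarted.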