In this knowledgebase, we'll walk you through disabling DNS recursion and deleting root hints on a Windows server.
1. Log in to your VPS/Dedicated server through Remote Desktop.
2. Go to Start >> Administrative Tools. This will launch the DNS Manager console as shown below.
3. In the DNS Manager window, select the server name and then right-click on it. Select Properties.
4. On the next screen, select the Advanced tab, and make sure that the Disable recursion (also disables forwarders) option is checked. Click on Apply and then OK.
5. In the same window, select the Root Hints tab. If you see any FQDN entry in the Name servers box, select it and delete it by clicking on the Remove button. Make sure that you remove each and every FQDN entry. Once the Name servers box is empty, click on Apply and then OK.
6. Once DNS recursion is disabled and the root hints are deleted, restart the DNS server so that the changes take effect. To do so, select the server name, go to All Tasks. This will restart the DNS server.
Adding . Forward Zone
1. Select the server name and right-click on it. Select New Zone.
2. In the New Zone Wizard, click on Next.
3. Keep all options as they are, and click on Next.
4. Keep all options as they are, and click on Next.
5. Specify . in the Zone name box, and click on Next.
6. Keep all options as they are, and click on Next.
7. Keep all options as they are, and click on Next.
8. Click on the Finish button to complete the wizard. That's it, your server is now safe from DNS amplification attacks.
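The same procedure can be scripted and then verified from an elevated PowerShell prompt. This is an added example, not part of the original article. It assumes the DnsServer module (Windows Server 2012 or later), a file-backed "." zone stored as root.dns, and example.com as a constructed test name that the server does not host.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the GUI steps above, plus a check.
Import-Module DnsServer

# Steps 3-4: disable recursion (this also disables forwarders).
Set-DnsServerRecursion -Enable $false

# Step 5: remove every root hint entry, if any are present.
$hints = @(Get-DnsServerRootHint -ErrorAction SilentlyContinue)
if ($hints.Count -gt 0) {
    $hints | Remove-DnsServerRootHint -Force
}

# Step 6: restart the DNS Server service so the changes take effect.
Restart-Service -Name DNS

# "Adding . Forward Zone": create the zone only if it does not exist yet.
# Assumption: a standalone server, so the zone is file-backed (root.dns).
if (-not (Get-DnsServerZone -Name '.' -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name '.' -ZoneFile 'root.dns'
}

# Verification: read the settings back instead of trusting the commands.
$recursionOn = (Get-DnsServerRecursion).Enable
$hintsLeft   = @(Get-DnsServerRootHint -ErrorAction SilentlyContinue).Count
$rootZone    = [bool](Get-DnsServerZone -Name '.' -ErrorAction SilentlyContinue)

# Constructed test name: any domain this server is NOT authoritative for.
$testName = 'example.com'
$reply = Resolve-DnsName -Name $testName -Server 127.0.0.1 -Type A `
    -DnsOnly -ErrorAction SilentlyContinue
# Count only real answers; an SOA in the authority section is not one.
$answers = @($reply | Where-Object { $_.Section -eq 'Answer' }).Count

$result = [pscustomobject]@{
    RecursionEnabled  = $recursionOn   # expected: False
    RootHintsLeft     = $hintsLeft     # expected: 0
    RootZonePresent   = $rootZone      # expected: True
    ExternalAnswers   = $answers       # expected: 0
}
$result | Format-List

if ($recursionOn -or $hintsLeft -gt 0 -or -not $rootZone -or $answers -gt 0) {
    Write-Warning 'Server may still resolve names it does not host.'
}
```

Repeat the Resolve-DnsName check from a host outside your network against the server's public IP address, since that is the path an amplification query would take.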