How to Disable DNS Recursion and Delete Root Hints on Windows Server?

  Print
In this knowledgebase, we'll walk you through disabling DNS recursion and deleting root hints on a Windows server.

1. Login to your VPS/Dedicated server through Remote Desktop.

2. Go to Start >> Administrative Tools >> DNS. This will launch DNS Manager console as shown below.

15035831648227221c0422f4c060117a53a9c773cf50e722e5.png

3. On the DNS Manager window, select the server name and then right click on it. Select Properties option.

150358324974cc25fa312a4870ba51f1d9f751fc6184a0aa80.png

4. On the next screen, select Advanced tab, and make sure that Disable recursion (also disabled forwarders) option is checked. Click on Appy and then OK button.

1503583306fc6c465d5ab32dce8f88d5bf92092557897ad0e0.png

5. On the same window, select Root HInts tab. If you see any FQDN entry in the Name servers box, select and delete it by clicking on the Remove button. Make sure that you remove each and every FQDN entry. Once Name servers box is empty, click on Apply and then OK button.

150358351638819186d473ae88e9287d36f0f6e95116520f71.png

6. Once DNS recursion is disabled and root hints are deleted, we'll restart DNS server to take the changes into effect. To do the same, select the server name, go to All Tasks >> Restart. This will restart the DNS server.

1503583871f4182f7b3ec0c7115501271de179d86217b1bdc1.png

Adding . Forward Zone

1. Select the server name and right click on it. Select New Zone option.

1503586464e1299dff0c68dd8e61399b8b57864462354827c0.png

2. On the New Zone Wizard, click on Next button.

15035866649ee1b30c3b3e5fda06625c506c4064e461f03249.png

3. Keep all options as it is, and click on Next button.

150358675187a808d3b0b5468d8044d04084769ab00b633e56.png

4. Keep all options as it is, and click on Next button.

150358691863bc39e0c8c30efedd0008ea3fbc7ff97a243270.png

5. Specify . in the Zone name box, and click on Next button.

150358693743bce5c6c87bc790862d05bc28f354a5a9ca2afe.png

6. Keep all options as it is, and click on Next button.

1503586952775df3a97f48be3c141564e8a5fda53211b6a88c.png

7. Keep all options as it is, and click on Next button.

1503586969de0c58c0f37ed25e8cd57ccaf4dce19ce576ea45.png

8. Click on Finish button to complete the wizard. That's it, your server is now safe from DNS amplification attacks.

Did you find this article useful?   0 out of 0 people found this article useful.

Related Articles

Login

 
Forgot password?
Register now

Language