There was a problem loading the comments.

How to Disable DNS Recursion and Delete Root Hints on Windows Server?

Support Portal  »  Knowledgebase  »  Viewing Article

In this knowledgebase, we'll walk you through disabling DNS recursion and deleting root hints on a Windows server.

1. Login to your VPS/Dedicated server through Remote Desktop.

2. Go to Start >> Administrative Tools >> DNS. This will launch DNS Manager console as shown below.


3. On the DNS Manager window, select the server name and then right click on it. Select Properties option.


4. On the next screen, select Advanced tab, and make sure that Disable recursion (also disabled forwarders) option is checked. Click on Appy and then OK button.


5. On the same window, select Root HInts tab. If you see any FQDN entry in the Name servers box, select and delete it by clicking on the Remove button. Make sure that you remove each and every FQDN entry. Once Name servers box is empty, click on Apply and then OK button.


6. Once DNS recursion is disabled and root hints are deleted, we'll restart DNS server to take the changes into effect. To do the same, select the server name, go to All Tasks >> Restart. This will restart the DNS server.


Adding . Forward Zone

1. Select the server name and right click on it. Select New Zone option.


2. On the New Zone Wizard, click on Next button.


3. Keep all options as it is, and click on Next button.


4. Keep all options as it is, and click on Next button.


5. Specify . in the Zone name box, and click on Next button.


6. Keep all options as it is, and click on Next button.


7. Keep all options as it is, and click on Next button.


8. Click on Finish button to complete the wizard. That's it, your server is now safe from DNS amplification attacks.

Share via
Did you find this article useful?  

Related Articles

© Softsys Hosting