
Disable DNS Recursion As to Prevent DNS Amplification Attack for Windows & Linux

Issue

Prevent DNS Amplification Attack

Symptoms

None

Cause

None

Workaround

For Windows Server:

1. Log in to the DNS server and set the preferred and alternate DNS servers on the primary network card to 208.67.222.222 and 8.8.8.8.
2. Launch the DNS Manager.
3. In the DNS console tree, right-click the DNS server and select Properties.
4. Click the Forwarders tab and make sure the forwarder list is empty.
5. Click the Advanced tab and tick "Disable recursion (also disables forwarders)".

For Linux Server:

Use as many of the techniques described here as are appropriate to your installation.

  1. On caching-only or forwarding-only DNS servers, use a firewall to restrict incoming DNS (port 53) queries.
  2. If you run an authoritative-only server, you should already be preventing recursion with the following line in the global options clause:
    # inhibit all recursion
    recursion no;
  3. If you run master or slave domains and also provide recursive service on the same server (a hybrid server), limit the scope of recursion by adding the following statement to the global options clause:
    # use an appropriate local address scope statement
    # to limit recursion requests to local users
    allow-recursion {192.168.2.0/24;}; // change IPs as required
    
    # OR if the DNS server's IPs and netmasks cover the whole 
    # local network you can use:
    allow-recursion {"localnets";};
  4. If you run only a caching or forwarding DNS then limit the scope of recursive queries by adding the following statement to the global options clause:
    # use an appropriate local address scope statement
    # to limit all query requests to local users
    allow-recursion {192.168.2.0/24;}; //change IPs as required
    
    # OR if the DNS server's IPs and netmasks cover the whole 
    # local network you can use:
    allow-recursion {"localnets";};
  5. If you only permit recursive queries from localhost (such as in a personal resolver), add the following statement(s) to the global options clause:
    # hard limit: listen only on the loopback addresses
    listen-on {127.0.0.1;}; // OR listen-on {localhost;};
    listen-on-v6 {::1;};    // OR listen-on-v6 {localhost;};
    
    # OR 
    allow-recursion {"localhost";};
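Whichever of the Windows or Linux procedures above you applied, the change should be confirmed from a host that is not supposed to receive recursive service. The following is an added example and not part of the original article: it builds a minimal DNS query with the RD (recursion desired) bit set, sends it to the server under test, and reports whether the reply carries the RA (recursion available) flag or an answer for a name outside the server's zones. The probe name example.com, the constructed sample replies, and the helper names are assumptions of this example. A server hardened with "recursion no" or the Windows "Disable recursion" setting is expected to clear RA and answer REFUSED; a hybrid server with allow-recursion should behave that way only for sources outside the listed ranges.

```python
"""Verify that a DNS server no longer offers recursion (added example)."""
import random
import socket
import struct
import sys

# Constructed probe name; assumed to lie outside every zone the tested server serves.
PROBE_NAME = "example.com"

RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
               3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

FLAG_QR = 0x8000  # response
FLAG_RD = 0x0100  # recursion desired (set by the client)
FLAG_RA = 0x0080  # recursion available (set by the server)


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels (length-prefixed, zero-terminated)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, txid: int) -> bytes:
    """Build a single A/IN question with RD set, as an ordinary stub resolver would."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_header(data: bytes, expected_txid: int) -> dict:
    """Pull out the header fields that show whether the server recursed for us."""
    if len(data) < 12:
        raise ValueError("response shorter than a DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch; not our response")
    rcode = flags & 0x000F
    return {
        "qr": bool(flags & FLAG_QR),
        "ra": bool(flags & FLAG_RA),
        "rcode": rcode,
        "rcode_name": RCODE_NAMES.get(rcode, str(rcode)),
        "answers": an,
    }


def recursion_offered(info: dict) -> bool:
    """A hardened server clears RA and refuses off-zone names; either sign means it still recurses."""
    return info["ra"] or (info["rcode"] == 0 and info["answers"] > 0)


def probe(server: str, name: str = PROBE_NAME, timeout: float = 3.0) -> dict:
    """Send one recursive query over UDP/53 and parse the reply (network side; not used offline)."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_header(data, txid)


# Constructed sample replies so the classification logic can be exercised offline.
SAMPLE_TXID = 0x1234
_question = build_query(PROBE_NAME, SAMPLE_TXID)[12:]
# Reply from a server with recursion disabled, for an off-zone name: QR set, RA clear, REFUSED.
SAMPLE_REFUSED = struct.pack("!HHHHHH", SAMPLE_TXID, FLAG_QR | FLAG_RD | 5, 1, 0, 0, 0) + _question
# Reply from an open resolver: QR, RD and RA set, NOERROR, one A record (compression pointer to the question).
SAMPLE_OPEN = (struct.pack("!HHHHHH", SAMPLE_TXID, FLAG_QR | FLAG_RD | FLAG_RA, 1, 1, 0, 0)
               + _question
               + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1]))


def check_samples() -> dict:
    """Classify both constructed replies; returns {'refused': False, 'open': True}."""
    return {
        "refused": recursion_offered(parse_header(SAMPLE_REFUSED, SAMPLE_TXID)),
        "open": recursion_offered(parse_header(SAMPLE_OPEN, SAMPLE_TXID)),
    }


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    result = probe(target)
    verdict = "STILL RECURSING" if recursion_offered(result) else "recursion not offered"
    print(f"{target}: ra={result['ra']} rcode={result['rcode_name']} "
          f"answers={result['answers']} -> {verdict}")
```

Run it as `python3 check_recursion.py <server-ip>` from a machine that should not be served, and again from one that should (on a hybrid server) to confirm allow-recursion still admits local users. A timeout rather than a reply is the expected result where step 1 of the Linux list (a firewall rule) or a restricted listen-on is in place.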

Additional Information

If the steps above do not resolve the problem, please open a ticket with the Support Team.

Updated on March 14, 2019
