1. Home
  2. Cloud & Dedicated Servers
  3. Domain Name Services (DNS)
  4. How to Disable Recursion on a Windows DNS Server

How to Disable Recursion on a Windows DNS Server

Note: If your server has a legitimate need to perform DNS recursion (example – you have applications that need to resolve external DNS), you can alternately disable and/or scope the local Windows Firewall rule that allows incoming DNS requests.  

Windows 2003:  Uncheck or remove any rules for DNS, DNS.exe or exceptions for port 53.
Windows 2008 and higher:  You’ll want to disable or scope both DNS TCP and DNS UDP rules.


To disable DNS Recursion in Windows DNS:


  1. Open DNS Manager (To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.)

  2. In the console tree, right-click the applicable DNS server, then click Properties.

  3. Click the Advanced tab.

  4. In Server options, select the Disable recursion check box

  5. Under the Root Hints tab, delete all root hints entries, and then click OK.

  6. Restart the DNS service (from the Services control panel)




How to disable recursion:

Disable DNS Recursion


How to delete root hints:

Delete Root Hints



For further reading:



Why DNS Recursion should be disabled for public access:




Content retrieved from: https://support.appliedi.net/kb/a1010/how-to-disable-recursion-on-a-windows-dns-server.aspx.

Updated on November 11, 2019

Was this article helpful?

Related Articles

Need Support?
Can't find the answer you're looking for? Don't worry we're here to help!