How to disable recursive DNS queries

Created:

2016-11-16 12:57:11 UTC

Modified:

2017-08-16 17:33:18 UTC

1

Was this article helpful?


Have more questions?

Submit a request

How to disable recursive DNS queries

Applicable to:

  • Plesk 10.x for Windows
  • Plesk 10.x for Linux
  • Plesk 11.x for Windows
  • Plesk 12.0 for Linux

Symptoms

I would like to disable DNS recursion; the PCI compliance check fails because recursive DNS queries are allowed.

Resolution

To disable recursive DNS queries follow these steps:

  1. Log in to Parallels Plesk Panel as the administrator.
  2. Go to Tools and Utilities > General Settings: DNS Template > DNS Recursion tab.
  3. Switch the recursion setting to Deny and click the Set button.

To allow localhost queries, follow these steps:

  1. Log in to the Plesk server as the administrator.
  2. Open the file %plesk_dir%\\dns\\etc\
    amed.user.conf
    for editing.
  3. Set the following entry:

    allow-recursion  {localhost; };
  4. Restart the DNS server. If he Microsoft DNS server is used, the Deny option cannot be selected. Select Allow for local requests only , or switch the DNS server to the BIND DNS server on Tools & Settings > Server Components .

WARNING: If DNS recursion is disabled, then the DNS server must not be used as the default resolver by any other server or service. Otherwise, attempts to resolve external names will fail due to disabled recursion, which may lead to problems. For example, the mail server will not be able to send mail out since all attempts to resolve MX records for external domains will fail.

Have more questions? Submit a request
Please sign in to leave a comment.