Disabling or Enabling DNS Recursion on Your BIND Server
Article Reference Number: AA-05212


DNS recursion is enabled by default on your BIND server. With recursion enabled, the DNS server queries other DNS servers on behalf of the requesting client to fully resolve the name before sending the answer back to that client. Since this setting can increase your exposure to DNS amplification attacks, you should disable it if your DNS server is not intended to receive recursive queries.

This article explains how to enable or disable DNS recursion on your BIND server, with or without the WHM / cPanel control panel (if you have a Linux VPS with the Plesk control panel, please see the article for Plesk DNS recursion here):

1) Connect to your server via SSH (Secure Shell) using your root credentials. You can locate your root credentials in your Control Panel (https://manage.myhosting.com) under the VPS Management section.

2) After connecting to your server, check your named.conf file for any DNS recursion allow or disable settings.

cat /etc/named.conf | grep "recursion"

If your named.conf file contains any recursion yes or recursion no lines, take the additional steps below to investigate your configuration file further.

3) Open your named.conf file using any text editor, and check the settings for recursion. (We are using nano as the text editor in this article.)

Use the command nano /etc/named.conf to open your configuration file (alternatively, you can use vi: vi /etc/named.conf).

In the below example, the DNS recursion is only allowed for localnets.


Check any section which says recursion yes. Depending on the section that you are looking for, you will see the settings for different connection types.

4) If you want to change the settings for external DNS recursion only, find the section named “external” and investigate its settings. If the section is not available, you can add the lines below to your named.conf file to disable external DNS recursion.

Place the lines below under the “options” section:

allow-transfer {"none";};

allow-recursion {"none";};

recursion no;

If you already have the external section, you can change its settings by changing the “recursion” value to “yes” or “no” depending on your needs.

5) After making your changes, save and close the file. In nano, press CTRL + X, type Y for yes, and press Enter. In vi, use :wq to save your changes.

6) Restart the DNS server in order for the changes to take effect. Please use the command below to restart your DNS service:

service named restart

After following the steps above, you should have successfully enabled or disabled your BIND server’s DNS recursion functionality.
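
The grep in step 2 prints matching lines but not the section they belong to, and it also matches commented-out lines. The added example below (not part of the original article) lists each recursion and allow-recursion statement with its enclosing options or view block and a verdict: OFF (recursion refused), ON (recursion enabled, clients decided by allow-recursion), LIMITED (restricted to the listed clients) or OPEN (the list contains any). The function names, verdict labels and sample configuration are constructed for illustration, and the script assumes each statement sits on its own line.

```shell
#!/bin/sh
# Added example, not from the article. Assumes one statement per line.
# audit_recursion [FILE]: print "<verdict> <section>: <statement>" for each
# recursion / allow-recursion statement found inside an options or view block.
audit_recursion() {
    awk '
    function verdict(s) {
        gsub(/"/, "", s)                          # {"none";} and { none; } are equal
        if (s ~ /^recursion[ \t]+no[ \t]*;/)      return "OFF"
        if (s ~ /^recursion[ \t]+yes[ \t]*;/)     return "ON"
        if (s ~ /[{ \t;]any[ \t]*;/)              return "OPEN"
        if (s ~ /[{][ \t]*none[ \t]*;[ \t]*[}]/)  return "OFF"
        return "LIMITED"
    }
    {
        sub(/\/\/.*/, ""); sub(/#.*/, "")         # drop // and # comments
        if (depth == 0 && match($0, /^[ \t]*(options|view[ \t]+"?[A-Za-z0-9_.-]+"?)/)) {
            section = substr($0, RSTART, RLENGTH) # top-level block opened here
            gsub(/^[ \t]+|"/, "", section)
        }
        if (depth > 0 && $0 ~ /^[ \t]*(allow-)?recursion[ \t{]/) {
            stmt = $0
            gsub(/^[ \t]+|[ \t]+$/, "", stmt)
            print verdict(stmt), section ": " stmt
        }
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")  # track brace nesting
    }' "$@"
}

sample_conf() {   # constructed sample, not a real server configuration
    cat <<'EOF'
options {
    // recursion yes;  (commented out, must be ignored)
    allow-transfer {"none";};
    allow-recursion {"none";};
    recursion no;
};
view "internal" {
    recursion yes;
    allow-recursion { localnets; };
};
view "external" {
    match-clients { any; };
    allow-recursion { any; };
};
EOF
}

if [ -r "${1:-}" ]; then audit_recursion "$1"; else sample_conf | audit_recursion; fi
```

Save the block to a file and pass /etc/named.conf as its argument to audit the real configuration; without an argument it runs on the constructed sample. An OPEN line in a section that answers external clients is the setting step 4 is meant to change.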
