There are various situations where you would want to prevent your DNS server from performing a recursive query. Depending on what you are trying to accomplish, there are two settings, and they have caused confusion among DNS administrators.
These two settings are “Do not use recursion for this domain”, found on the Forwarders tab, and “Disable Recursion”, found on the Advanced tab. Let’s take a look at these settings in more detail.
Do not use recursion for this domain (Windows 2000/2003)
Enabling this setting specifies that the DNS server does not attempt any further recursion if the forwarders fail to resolve the query. Normally, if the forwarders fail, your DNS server will fall back to its root hints and attempt to resolve the query itself before giving up.
There may be instances where you do not want the DNS server to keep trying to resolve the query. An example is conditional forwarding to a business partner’s internal zone: if the partner’s servers cannot answer, you would not want your DNS server to continue the resolution process against the public root servers.
Use root hints if no forwarders are available (Windows 2008 and later)
Microsoft simplified the wording starting with the Windows Server 2008 console. When this checkbox is enabled, it is the opposite of enabling “Do not use recursion for this domain” in 2000/2003. If you do not want the root hints to be used when the forwarders are unavailable, you have to uncheck this setting. Toggling this setting (including its 2000/2003 equivalent) modifies the following registry value:
Value Name: IsSlave
Value Path: HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters
Value Type: REG_DWORD
Value Data: 0 | 1 (Default value: 0)
A value of zero (0) means that if the forwarder servers do not respond, the DNS server issues standard iterative queries to try to resolve the remote name. A value of one (1) means that if the forwarder servers do not respond, the DNS server terminates the search and sends a SERVER_FAILURE response to the query.
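The following PowerShell script is an added example, not part of the original post. It reads the IsSlave value from the registry path given above, maps it to the behaviour described (0 = fall back to root hints, 1 = SERVER_FAILURE), and cross-checks it against the UseRootHint property that the DnsServer module's Get-DnsServerForwarder cmdlet exposes for the same switch. It assumes it is run in an elevated session on the DNS server itself; the function name Get-DnsForwarderFallbackState is the author's own, and the DnsServer module is only available on Windows Server 2012 and later (on 2000/2003 only the registry read applies).

```powershell
# Added example: inspect the IsSlave registry value described above and
# report which forwarder-failure behaviour the server is configured for.
# Assumes an elevated session on the DNS server (registry read needs it).
$paramsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'

function Get-DnsForwarderFallbackState {
    # IsSlave may be absent until the checkbox has been toggled at least once;
    # the post gives the default as 0, so a missing value is treated as 0.
    $item = Get-ItemProperty -Path $paramsKey -Name 'IsSlave' -ErrorAction SilentlyContinue
    $isSlave = if ($null -eq $item) { 0 } else { [int]$item.IsSlave }

    if ($isSlave -eq 0) {
        $behaviour = 'Forwarders fail -> iterative queries via root hints'
    } else {
        $behaviour = 'Forwarders fail -> SERVER_FAILURE returned to the client'
    }

    [pscustomobject]@{
        IsSlave                     = $isSlave
        UseRootHintsOnFailure       = ($isSlave -eq 0)   # 2008+ checkbox state
        DoNotUseRecursionForDomain  = ($isSlave -eq 1)   # 2000/2003 checkbox state
        BehaviourOnForwarderFailure = $behaviour
    }
}

$state = Get-DnsForwarderFallbackState
$state | Format-List

# Cross-check against the DnsServer module (Windows Server 2012+ / RSAT).
# Get-DnsServerForwarder exposes the same switch as its UseRootHint property.
if (Get-Command Get-DnsServerForwarder -ErrorAction SilentlyContinue) {
    $fwd = Get-DnsServerForwarder
    if ([bool]$fwd.UseRootHint -ne $state.UseRootHintsOnFailure) {
        Write-Warning ("Registry IsSlave={0} and DnsServer module UseRootHint={1} disagree; " +
                       "the DNS service may not have re-read the registry yet.") -f $state.IsSlave, $fwd.UseRootHint
    }
}
```

Running it on a server that has never had the checkbox touched prints IsSlave 0 and UseRootHintsOnFailure True, which is the behaviour the post describes as the default. The warning branch is worth keeping in an audit script: a value written directly to the registry is not picked up until the DNS service re-reads its parameters, so the registry and the live service can briefly disagree.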
Disable recursion (also disables forwarders) Windows 200x
If this setting is enabled, the DNS server will attempt to resolve queries only from its own database. It will not query any additional servers if it is unable to resolve the query itself. A DNS administrator would normally enable this option when deploying an external-facing DNS server.
Your external DNS servers should only be resolving queries for hostnames stored in your authoritative zones, unless you are an ISP and need to provide general name resolution for end users.
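The following PowerShell script is an added example, not part of the original post. It applies the setting discussed in this section to an external-facing server with Set-DnsServerRecursion (the cmdlet equivalent of ticking “Disable recursion (also disables forwarders)”; on Windows 2000/2003 the equivalent is `dnscmd /Config /NoRecursion 1`), then verifies the result from the client side: a name in one of your own zones must still resolve, while a name outside your zones must not be answered. The server address, zone name and the function name Test-ResolverOpen are placeholders chosen for the example, and the DnsServer and DnsClient modules (Windows Server 2012 and later) are assumed.

```powershell
# Added example: disable recursion on an external-facing DNS server and verify.
# Assumes an elevated session with the DnsServer module on the server itself.
$ServerIp     = '203.0.113.10'   # placeholder: this server's public address
$ExternalZone = 'example.com'    # placeholder: a zone this server is authoritative for

# Record the state before the change so the modification is auditable.
$before = Get-DnsServerRecursion
Write-Host "Recursion enabled before change: $($before.Enable)"

# Equivalent of ticking "Disable recursion (also disables forwarders)".
# Older servers: dnscmd /Config /NoRecursion 1
Set-DnsServerRecursion -Enable $false

$after = Get-DnsServerRecursion
if ($after.Enable) { throw 'Recursion is still enabled after Set-DnsServerRecursion' }

# Client-side verification against your own server. With recursion off, a
# query for a name you are not authoritative for must not return an A record.
function Test-ResolverOpen {
    param(
        [string]$Server,
        [string]$AuthoritativeName,
        [string]$ForeignName = 'www.iana.org'   # any name outside your zones
    )
    $auth    = Resolve-DnsName -Name $AuthoritativeName -Server $Server -DnsOnly -ErrorAction SilentlyContinue
    $foreign = Resolve-DnsName -Name $ForeignName       -Server $Server -DnsOnly -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Server             = $Server
        AnswersOwnZone     = [bool]($auth    | Where-Object { $_.Type -eq 'A' })
        AnswersForeignName = [bool]($foreign | Where-Object { $_.Type -eq 'A' })   # True = still recursing
    }
}

$result = Test-ResolverOpen -Server $ServerIp -AuthoritativeName "www.$ExternalZone"
$result | Format-List
if ($result.AnswersForeignName) {
    Write-Warning "$ServerIp still answers recursive queries for foreign names; check the setting and restart the DNS service."
}
```

The expected outcome on a correctly hardened server is AnswersOwnZone True and AnswersForeignName False. Keep the -DnsOnly switch on Resolve-DnsName: without it the client may satisfy the query from its local cache or hosts file and the check would say nothing about the server under test.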
If neither of these options is enabled, the server will attempt to resolve queries in this order:
- Local zones
- Forwarders
- Root Hints
If you need further information regarding this topic, refer to the following Microsoft resources: