Disable root hint lookup

Question

Thursday, May 16, 2013 9:28 PM

I have disabled recursion on my DNS server, but now when doing a "nslookup google.com xxx.xxx.xxx.xxx" I still get something like this, with corresponding IP addresses:

.       nameserver = A.ROOT-SERVERS.NET.
.       nameserver = B.ROOT-SERVERS.NET.
.       nameserver = C.ROOT-SERVERS.NET.
.       nameserver = D.ROOT-SERVERS.NET.
.       nameserver = E.ROOT-SERVERS.NET.
.       nameserver = F.ROOT-SERVERS.NET.

Can anyone tell me how I can prevent this from happening and get a "refused" response from my server instead? It would be the equivalent of "additional-from-cache no;" in a BIND environment.

thanks

All replies (5)

Tuesday, May 21, 2013 12:21 PM ✅Answered

Hi guys, thanks for the suggestions. In the end I just disabled lookups from the external interface


Friday, May 17, 2013 1:31 PM

You could remove the root hints if you would like to allow only forwarders and local zones to be used for resolution:

Update Root Hints on the DNS Server

You can disable recursion if you will not use forwarders either:

Disable Recursion on the DNS Server

You should be aware that DNS configuration has small differences between versions of Windows OS (especially the behavior of forwarders and recursion). There is even a nice 'bug' left over in 2008 (not R2): http://support.microsoft.com/kb/2001154

MCP/MCSA/MCTS/MCITP


Saturday, May 18, 2013 6:19 PM

Hi BMIG,

Just to add the URL for Disable Recursion on the DNS Server in SenneVL’s post.

Disable Recursion on the DNS Server

http://technet.microsoft.com/en-us/library/cc771738.aspx

Thanks.

Jeremy Wu
TechNet Community Support


Sunday, May 19, 2013 3:05 PM

Hi, 

If you have successfully disabled root hints on your DNS server, you may try to clear the cache on the DNS server, or run ipconfig /flushdns to delete cached DNS records.

Regards

Anup Kumar


Tuesday, May 21, 2013 7:25 AM

Hi BMIG,

Is there any update?

Thanks.

Jeremy Wu
TechNet Community Support
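
To check which behaviour a server shows, the following added example (not code from this thread) parses a raw DNS response and reports whether it is a REFUSED reply or the root referral shown in the question, meaning NS records for "." in the authority section. The function names are hypothetical, and the sample messages are constructed for the demo rather than captured from a real server.

```python
import struct

REFUSED = 5   # RCODE value for "Refused"
TYPE_NS = 2   # RR type NS

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:       # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length

def classify(msg):
    """Classify a DNS response: 'refused', 'root-referral', 'answer' or 'other'."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if flags & 0x000F == REFUSED:
        return "refused"
    off = 12
    for _ in range(qd):                 # skip the question section
        off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
    if an:
        return "answer"
    for _ in range(ns):                 # walk the authority section
        owner_is_root = msg[off] == 0   # root owner name is a single zero byte
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if owner_is_root and rtype == TYPE_NS:
            return "root-referral"
    return "other"

def _name(n):
    """Encode a domain name in uncompressed wire format."""
    return b"".join(bytes([len(p)]) + p.encode() for p in n.split(".") if p) + b"\0"

def sample(rcode, root_ns=()):
    """Constructed response to 'google.com A' (assumption: demo data only)."""
    question = _name("google.com") + struct.pack("!HH", 1, 1)
    auth = b""
    for host in root_ns:
        rdata = _name(host)
        auth += b"\0" + struct.pack("!HHIH", TYPE_NS, 1, 3600, len(rdata)) + rdata
    header = struct.pack("!6H", 0x1234, 0x8000 | rcode, 1, 0, len(root_ns), 0)
    return header + question + auth
```

Pass `classify` the raw UDP payload of the server's reply to a query sent from an external address.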