My VPS provider emailed me that I need to set up a recursive DNS as it was open to abuse. There were helpful suggestions in the email, but I thought it would be better if they were also in the AdGuard KB or here on GitHub (if they are, then apologies, as I could not find it).
Proposed Solution
Update the KB or instructions on GitHub with the following (which I received from my VPS provider) and make it more user-friendly.
It is recommended that all public DNS servers (on a VPS for example) are configured to not permit recursive DNS queries. This configuration will still allow DNS for your domain names to work properly, but will prevent abuse.
On Windows machines, you can disable recursive DNS:
Open 'Server Manager'
Expand Roles -> DNS Server -> DNS -> (Your Server's Name)
Right click on your server name, choose Properties
On the 'Advanced' tab, select 'Disable recursion (also disables forwarders)'
Click OK
On Linux machines, there are a few common DNS servers:
BIND:
Open your BIND configuration file
In the 'options' section, make sure you have 'recursion no;' and 'additional-from-cache no;'
Restart BIND after making any changes
DNSMasq:
Unfortunately, there is not a straightforward way to disable this within DNSMasq. You would either need to modify the DNSMasq configuration so that it no longer listens on public IP addresses, or firewall off UDP port 53 to all hosts except your desired ones.
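An added example (not part of the original issue, the provider's email or AdGuard's code): a small Python check to run against your own server, from a host outside its network, to confirm whether it still offers recursion after the changes described above. The function names, the query name `example.com` and the constructed sample reply are assumptions of this example; the query name should be one your server is not authoritative for.

```python
import socket
import struct
import sys

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits
QID = 0x1234  # arbitrary query ID for this example

def build_query(name, qid=QID):
    """Build an A/IN query for `name` with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def classify_response(data, qid=QID):
    """Classify a raw DNS reply by its 12-byte header."""
    if len(data) < 12:
        return "invalid"
    rid, flags, _qd, _an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & QR:
        return "invalid"            # wrong ID or not a response
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"            # REFUSED: recursion denied to this client
    if flags & AA:
        return "authoritative"      # server owns this zone; not a recursion test
    if flags & RA and rcode in (0, 3):
        return "open"               # recursion offered and the query was resolved
    return "closed"                 # e.g. referral only, RA clear

def probe(server, name="example.com", timeout=3.0):
    """Send one UDP query (IPv4) to your own server and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "no-reply"       # port 53 filtered, or nothing listening
    return classify_response(data)

# Constructed sample header: QR+RD+RA set, NOERROR, one answer record.
SAMPLE_OPEN_REPLY = struct.pack("!HHHHHH", QID, QR | RD | RA, 1, 1, 0, 0)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(sys.argv[1], probe(sys.argv[1]))
    else:
        print("constructed sample:", classify_response(SAMPLE_OPEN_REPLY))
```

Pass your server's public IP address as the only argument. A result of `refused`, `closed` or `no-reply` means outside clients are not being given recursion; `open` means the server is still resolving arbitrary names for them.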