How to disable recursive DNS service on the firewall GUI?
Zyxel Employee
Scenario :
Some Internet Service Providers may offer recursive DNS service. Once the firewall/router is assigned a public IP, external Internet users can execute a DNS query via the public IP (e.g., using 'nslookup www.google.com [public IP address]'). However, this behavior may impose additional load on the firewall/router. This article will guide you on how to disable it.
Answer :
Firstly, note that the default security policy 'WAN_to_Device' doesn't allow DNS service ports (TCP/UDP port 53), preventing external users from executing recursive DNS queries to the firewall.
Secondly, please navigate to System > DNS > Advanced > Set 'Query Recursion' and 'Additional Info from Cache' to 'deny', as shown below:
Once these settings are configured, you can disable the recursive DNS service.
See how you've made an impact in Zyxel Community this year!
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 152 Nebula Ideas
- 101 Nebula Status and Incidents
- 5.8K Security
- 291 USG FLEX H Series
- 280 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.5K Consumer Product
- 253 Service & License
- 396 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 87 About Community
- 75 Security Highlight