How to disable recursive DNS service on the firewall GUI?

Zyxel_Jeff Posts: 1,099  Zyxel Employee
edited February 5 in Maintenance

Scenario:

Some Internet Service Providers may offer recursive DNS service. Once the firewall/router is assigned a public IP, external Internet users can execute a DNS query via the public IP (e.g., using 'nslookup www.google.com [public IP address]'). However, this behavior may impose additional load on the firewall/router. This article explains how to disable it.

Answer:

Firstly, note that the default security policy 'WAN_to_Device' doesn't allow DNS service ports (TCP/UDP port 53), preventing external users from executing recursive DNS queries to the firewall.

Secondly, navigate to System > DNS > Advanced and set both 'Query Recursion' and 'Additional Info from Cache' to 'deny', as shown below:

Once these settings are configured, the recursive DNS service is disabled.
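To confirm the change from a host outside your network, the nslookup test from the scenario can be scripted so that the reply header is inspected directly. This is an added example, not Zyxel code: the function names and result labels are assumptions, and because the page does not say how the firewall replies once recursion is denied, a timeout and a REFUSED reply are both treated as closed.

```python
import secrets
import socket
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080  # DNS header flag bits (RFC 1035)

def build_query(name: str, qid: int) -> bytes:
    """A-record query with the RD (recursion desired) bit set."""
    header = struct.pack("!6H", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response: bytes, qid: int) -> str:
    """Interpret the 12-byte header of a reply to build_query()."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", response[:12])
    if rid != qid or not flags & QR:
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:
        # An answer for a name the device is not authoritative for means
        # 'Query Recursion' or 'Additional Info from Cache' is still allowed.
        return "answers-external-names"
    if flags & RA:
        return "recursion-advertised"  # RA bit set, but no answer this time
    return "refused" if rcode == 5 else "no-recursion"

def probe(server_ip: str, name: str = "www.google.com", timeout: float = 3.0) -> str:
    """Send one UDP query to port 53 of your own public IP and classify the reply."""
    qid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qid), (server_ip, 53))
            data, _ = s.recvfrom(4096)
        except OSError:  # includes timeouts: dropped by policy or service closed
            return "no-response"
    return classify(data, qid)

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))  # argument: the firewall's public IP address
```

A result of `answers-external-names` or `recursion-advertised` means one of the two settings, or a WAN-side policy allowing port 53, still needs attention.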