How to disable recursive DNS service on the firewall by CLI?
Zyxel Employee
Scenario :
Some Internet Service Providers may offer recursive DNS service. Once the firewall/router is assigned a public IP, external Internet users can execute a DNS query via the public IP (e.g., using 'nslookup www.google.com [public IP address]'). However, this behavior may impose additional load on the firewall/router. This article will guide you on how to disable it by the CLI. Regarding this FAQ article: How to disable recursive DNS service on the firewall? We already guide you on how to disable recursive DNS service on the device Web-GUI. You also can use CLI to disable this function.
Answer :
Disable CLIs:
Router# configure terminal
Router(config)# ip dns security-options default
Router(config-ip-dns-security-options)# no recursion activate
Router(config-ip-dns-security-options)# no additional-from-cache activate
Router(config-ip-dns-security-options)# exit
Once you complete the disable CLIs and navigate to System > DNS > Advance > Security Option Control will find those two options are set to deny.
If you want to enable it again, please refer to below Enable CLIs :
Router# configure terminal
Router(config)# ip dns security-options default
Router(config-ip-dns-security-options)# recursion activate
Router(config-ip-dns-security-options)# additional-from-cache activate
Router(config-ip-dns-security-options)# exit
See how you've made an impact in Zyxel Community this year!
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 277 USG FLEX H Series
- 277 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 395 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 75 Security Highlight