Symptoms

I would like to disable DNS recursion; the PCI compliance check fails because recursive DNS queries are allowed.

Resolution

To disable recursive DNS queries, follow these steps:

  1. Log in to Parallels Plesk Panel as the administrator.
  2. Go to Tools and Utilities > General Settings: DNS Template > DNS Recursion tab.
  3. Switch the recursion setting to Deny and click the Set button.

To allow localhost queries, follow these steps:

  1. Log in to the Plesk server as the administrator.
  2. Open the file %plesk_dir%\dns\etc\named.user.conf for editing.
  3. Set the following entry:
    allow-recursion { localhost; };

  4. Restart the DNS server.

If the Microsoft DNS server is used, the Deny option cannot be selected. Select Allow for local requests only, or switch the DNS server to the BIND DNS server on Tools & Settings > Server Components.

WARNING: If DNS recursion is disabled, then the DNS server must not be used as the default resolver by any other server or service. Otherwise, attempts to resolve external names will fail due to disabled recursion, which may lead to problems. For example, the mail server will not be able to send mail out since all attempts to resolve MX records for external domains will fail.
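
To confirm the change from a host other than the server itself (localhost stays allowed), the following added example, which is not part of the original article or of Plesk, sends one query with the recursion-desired bit set and reads the RA flag and response code from the reply. The server address and the queried name are assumptions supplied on the command line, and the name must be one the server does not host.

```python
import socket
import struct
import sys

RD, RA = 0x0100, 0x0080  # header flag bits: recursion desired / recursion available

def build_query(name, txid=0x1234):
    """Build a DNS A/IN query for `name` with the RD bit set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_header(response):
    """Return the fields of the 12-byte DNS header that matter for this check."""
    if len(response) < 12:
        raise ValueError("truncated DNS response")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    return {"txid": txid, "ra": bool(flags & RA), "rcode": flags & 0x000F, "ancount": ancount}

def recursion_allowed(response):
    """True if the reply advertises recursion or answers the external name.

    Assumes the queried name is NOT hosted on the server under test.
    """
    h = parse_header(response)
    return h["ra"] or (h["rcode"] == 0 and h["ancount"] > 0)

def check_server(server, name, timeout=3.0):
    """Send one UDP query to server:53 and classify the reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        reply, _ = s.recvfrom(4096)
    if parse_header(reply)["txid"] != 0x1234:
        raise ValueError("reply does not match query")
    return recursion_allowed(reply)

# Constructed sample headers (not captured traffic):
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)    # RA clear, rcode 5 REFUSED
SAMPLE_RECURSIVE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # RA set, one answer

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <server-ip> <external-name>
        print("recursion allowed" if check_server(sys.argv[1], sys.argv[2]) else "recursion denied")
    else:
        print(recursion_allowed(SAMPLE_REFUSED), recursion_allowed(SAMPLE_RECURSIVE))
```

A result of "recursion denied" from an external host, together with successful resolution on the server itself, matches the configuration described above.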
