Should i disable DNS recursion?

domain-name-system active-directory domain-controller

Depends on the needs of your business. If you have clients connecting to this DNS server and asking it for names that are not on your network, such as google.com, facebook.com, yahoo.com, whitehouse.gov, etc... since your DNS server is not authoritative for those domains you must use Recursion or else name resolution will fail for external domain names not hosted on your DNS server. Most work places do allow internet access, however, if you are in a very tightly-controlled network (in which case if you need extraordinary security you shouldn't be connected to the internet anyway,) disabling recursion will prevent name resolution of names that your DNS server is not authoritative for. Also worth noting that if you disable recursion, then there's no point in adding forwarders as they will not be used. (Root hints also will not be used if recursion is disabled.)

Related

On FreeNas what is the difference between the "Permission Type" and the "Share Type" setting?
What is reasonable storage failover time that most OS (VM) can tolerate?
Can clang format add braces to single line if statements etc
When to use a react framework such as Next or Gatsby vs Create React App [closed]
How to correctly read an Interlocked.Increment'ed int field?
Resharper: Implicitly captured closure: this
Docker on CentOS 7.2: kernel:unregister_netdevice: waiting for lo to become free. Usage count = 1
Is there a way to give promo/coupon codes for people to download your app for free?
fgetcsv fails to read line ending in mac formatted csv file, any better solution?
Why do weird things in font color attribute produce real colors? [duplicate]
ImportError: No module named Image [duplicate]
JPA vs ORM vs Hibernate?