Should i disable DNS recursion?
Depends on the needs of your business. If you have clients connecting to this DNS server and asking it for names that are not on your network, such as google.com, facebook.com, yahoo.com, whitehouse.gov, etc... since your DNS server is not authoritative for those domains you must use Recursion or else name resolution will fail for external domain names not hosted on your DNS server. Most work places do allow internet access, however, if you are in a very tightly-controlled network (in which case if you need extraordinary security you shouldn't be connected to the internet anyway,) disabling recursion will prevent name resolution of names that your DNS server is not authoritative for. Also worth noting that if you disable recursion, then there's no point in adding forwarders as they will not be used. (Root hints also will not be used if recursion is disabled.)