Windows server “Disable recursive dns”

Amin Mohammadi 96 Reputation points
2020-12-27T13:41:42.907+00:00

I've disabled DNS recursion on my DNS server (operating system: Windows Server Core 2019) using this method: how-to-disable-recursion-on-a-windows-dns-server. I've also executed these commands in PowerShell on my DNS server:

Set-DnsServerRecursion -Enable $False
Clear-DnsServerCache 

But still when I run

nslookup 'some random domain' 'My dns server IP Address'

on my PC, it answers like this:

Non-authoritative answer:
Name: some domain name
Address: IP address

But actually it should be: *** UnKnown can't find some domain name: Query refused
I've removed all root hints, and I've even removed C:\Windows\System32\dns\cache.dns.

What am I doing wrong? Any help?


Accepted answer
  1. Amin Mohammadi 96 Reputation points
    2020-12-27T15:32:36.223+00:00

    For everyone who is stuck on this issue: in the end I've used DNS Policies to allow only my domain and block requests for other domains.

    Add-DnsServerQueryResolutionPolicy -Name "BlackholePolicy" -Action DENY -FQDN "NE,*.mydomain"
    

    You can also use IGNORE instead of DENY.

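One way to check that the policy from the accepted answer has actually closed the resolver, shown as an added example that is not part of the original post. The server address `192.0.2.53`, the test names and the helper `Test-DnsAnswer` are assumptions made for illustration; `mydomain` is the placeholder zone from the answer.

```powershell
# Added example: the values below are placeholders, not taken from the original thread.
$DnsServer   = '192.0.2.53'     # assumption: IP address of the DNS server under test
$InsideName  = 'www.mydomain'   # assumption: a record inside the zone the policy allows
$OutsideName = 'example.org'    # constructed: any name outside that zone

# --- Part 1: run on the DNS server (requires the DnsServer module) ---
# Show the two settings that decide how names outside the hosted zone are handled.
Get-DnsServerRecursion | Format-List Enable
Get-DnsServerQueryResolutionPolicy |
    Format-Table Name, Action, ProcessingOrder, IsEnabled -AutoSize

# Drop records cached before the change so stale data cannot mask the result.
Clear-DnsServerCache -Force

# --- Part 2: run on a client PC ---
# Hypothetical helper: classifies how the server treats one name.
function Test-DnsAnswer {
    param([string]$Name, [string]$Server)
    try {
        # -DnsOnly and -NoHostsFile keep LLMNR, NetBIOS and the hosts file out of the test.
        $r = Resolve-DnsName -Name $Name -Server $Server -Type A `
                 -DnsOnly -NoHostsFile -ErrorAction Stop
        [pscustomobject]@{ Name = $Name; Result = 'Answered'
                           Detail = ($r.IPAddress -join ', ') }
    }
    catch {
        # DENY makes the server send an error response; IGNORE makes it send
        # nothing, which the client reports as a timeout.
        [pscustomobject]@{ Name = $Name; Result = 'NoAnswer'
                           Detail = $_.Exception.Message }
    }
}

$results = @(
    Test-DnsAnswer -Name $InsideName  -Server $DnsServer
    Test-DnsAnswer -Name $OutsideName -Server $DnsServer
)
$results | Format-Table -AutoSize

# The server should answer for its own zone and nothing else.
if (($results | Where-Object Name -eq $OutsideName).Result -eq 'Answered') {
    Write-Warning "$DnsServer still resolves $OutsideName for this client."
}
```

Run Part 2 from a machine outside the server's own network as well, since that is the vantage point that matters for an Internet-facing DNS server.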
