Windows server “Disable recursive dns”

Amin Mohammadi 96 Reputation points

I've disabled DNS recursion on my DNS server (operating system: Windows Server Core 2019) using this method: how-to-disable-recursion-on-a-windows-dns-server. I've also executed this command in PowerShell on my DNS server:

Set-DnsServerRecursion -Enable $False

But still when I run

nslookup 'some random domain' 'My dns server IP Address'

on my PC, it answers like this:

Non-authoritative answer:
Name: some domain name
Address: IP address

But actually it should be:

*** UnKnown can't find some domain name: Query refused

I've removed all root hints; I've even removed C:\Windows\System32\dns\cache.dns.

What am I doing wrong? Any help?


Accepted answer
  1. Amin Mohammadi 96 Reputation points

    For everyone who is stuck on this issue: in the end I used DNS policies to allow just my domain and block requests for other domains.

    Add-DnsServerQueryResolutionPolicy -Name "BlackholePolicy" -Action DENY -FQDN "NE,*.mydomain"

    Also you can use IGNORE instead of DENY.
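
A way to confirm that the policy from the accepted answer behaves as intended, as an added example that is not part of the original post. It assumes it is run on the DNS server itself with the DnsServer module available; `mydomain` is the answer's placeholder, and `www.mydomain` and `example.com` are constructed test names to replace with your own.

```powershell
# Added example (not from the original post): check recursion, list the
# query resolution policies, then query the server for in-zone and
# out-of-zone names and compare the outcome with what is expected.
$Server     = '127.0.0.1'                  # assumption: run on the DNS server
$OwnNames   = 'mydomain', 'www.mydomain'   # placeholders: names inside your zone
$OtherNames = 'example.com'                # constructed: a name outside your zone

# 1. Server-wide recursion switch (what Set-DnsServerRecursion changes).
$rec = Get-DnsServerRecursion
"Recursion enabled: $($rec.Enable)"

# 2. Server-level query resolution policies, in evaluation order.
Get-DnsServerQueryResolutionPolicy |
    Sort-Object ProcessingOrder |
    Format-Table Name, ProcessingOrder, IsEnabled, Action -AutoSize

# 3. Ask the server directly, bypassing the hosts file and other name services.
function Test-DnsAnswer {
    param([string]$Name, [string]$Expected)
    try {
        $r = Resolve-DnsName -Name $Name -Server $Server -Type A `
                             -DnsOnly -NoHostsFile -ErrorAction Stop
        $got    = 'Responded'
        $detail = ($r | ForEach-Object { "$($_.Type)" }) -join ','
    }
    catch {
        # DENY makes the server refuse the query; IGNORE makes it stay
        # silent, so the client times out. Both surface here as an error.
        $got    = 'NoAnswer'
        $detail = $_.Exception.Message
    }
    [pscustomobject]@{
        Name     = $Name
        Expected = $Expected
        Got      = $got
        Pass     = ($got -eq $Expected)
        Detail   = $detail
    }
}

$results  = @($OwnNames   | ForEach-Object { Test-DnsAnswer $_ 'Responded' })
$results += @($OtherNames | ForEach-Object { Test-DnsAnswer $_ 'NoAnswer' })
$results | Format-Table -AutoSize

if ($results.Pass -contains $false) {
    Write-Warning 'At least one name did not behave as expected; review the policy criteria.'
}
```

Testing both the zone apex and a name below it shows whether the `*.mydomain` criterion in the policy covers every name you intend to keep answering.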
