DNS: The difference between "Do Not Use Recursion" and "Disable Recursion"

In the Windows 2000/2003 DNS console (dnsmgmt.msc), under a server's Properties -> Forwarders tab is the setting Do not use recursion for this domain. On the Advanced tab you will find the confusingly similar option Disable recursion (also disables forwarders).

Recursion refers to the action of a DNS server querying additional DNS servers (e.g. local ISP DNS or the root DNS servers) to resolve queries that it cannot resolve from its own database. So what is the difference between these settings?

The DNS server will attempt to resolve the name locally, then will forward requests to any DNS servers specified as forwarders. If Do not use recursion for this domain is enabled, the DNS server will pass the query on to forwarders, but will not recursively query any other DNS servers (e.g. external DNS servers) if the forwarders cannot resolve the query.

If Disable recursion (also disables forwarders) is set, the server will attempt to resolve a query from its own database only. It will not query any additional servers.

If neither of these options is set, the server will attempt to resolve queries normally:
... the local database is queried
... if an entry is not found, the request is passed to any forwarders that are set
... if no forwarders are set, the server will query servers on the Root Hints tab to resolve queries beginning at the root domains.

Author: ASAK
Created: Sep 21 2005 (last modified Jan 22 2008)
Categories: Windows 2000 Server - Windows 2003 Server
TechByte #31

Warning: By visiting this site and/or by using any information contained herein, you agree to the Techbytes.ca terms of use.


Comment posted by 'Stoun' on Apr 29 2007 @ 01:02:53
REALLY good explanation. Thanks
Comment posted by 'MMM' on May 26 2007 @ 20:19:03
I think that this explanation is incorrect. "Do not use recursion for this domain" means that the server is a slave to its own forwarder(s) - that is, it cannot resolve any queries itself by using recursive queries to other DNS servers should the forwarder fail. This is correctly stated in the initial explanation.

However, the "Disable Recursion" setting does not function as suggested. Disabling recursion on a server prevents that same server from acting as a forwarder itself, by stopping it from accepting recursive queries. It does not prevent the server from using other servers as forwarders
Comment posted by 'JT' on Aug 11 2007 @ 17:26:40
Actually you are wrong. Disabling recursion from the Advanced tab DOES prevent the server from using forwarders. Go ahead and try it on a test server. When recursion is disabled, all previously defined entries on the Forward tab are now grayed out and clients exclusively using this DNS server can no longer resolve external queries.
Comment posted by 'KH' on Nov 7 2007 @ 20:46:10
JT is right.
Comment posted by 'SN' on Jan 20 2008 @ 10:17:12
Thsta the clearest explanation I've heard 10/10
Comment posted by 'ABD1971' on May 5 2008 @ 22:44:14
Very clear explanation 100%
Comment posted by 'MS' on Sep 9 2008 @ 04:37:11
JT's right.

Add a comment about this TechByte

If you wish to add a comment regarding this TechByte, please use the form below. Please note that by submitting comments using this form you are allowing all of the information submitted to be visible on this website. Any comments submitted using this form will only be shown on the website if they are approved by the administrators of this site. IF APPROVED, COMMENTS MAY TAKE SEVERAL DAYS TO BE POSTED.

Posted By: (Optional)

Comments:


Other TechBytes: