Article ID: 127861, created on Dec 25, 2015, last review on Dec 25, 2015

  • Applies to:
  • Virtuozzo containers for Windows 4.6


I would like to disable DNS recursion; the PCI compliance check fails because recursive DNS queries are allowed.


To disable recursive DNS queries follow these steps:

  1. Log in to Parallels Plesk Panel as the administrator.
  2. Go to Tools and Utilities > General Settings: DNS Template > DNS Recursion tab.
  3. Switch the recursion setting to Deny and click the Set button.

To allow localhost queries, follow these steps:

  1. Log in to the Plesk server as the administrator.
  2. Open the file %plesk_dir%\dns\etc\named.user.conf for editing.
  3. Set the following entry:

    allow-recursion  {localhost; }; 
  4. Restart the DNS server. If he Microsoft DNS server is used, the Deny option cannot be selected. Select Allow for local requests only, or switch the DNS server to the BIND DNS server on Tools & Settings > Server Components.

WARNING: If DNS recursion is disabled, then the DNS server must not be used as the default resolver by any other server or service. Otherwise, attempts to resolve external names will fail due to disabled recursion, which may lead to problems. For example, the mail server will not be able to send mail out since all attempts to resolve MX records for external domains will fail.

d02f9caf3e11b191a38179103495106f 2897d76d56d2010f4e3a28f864d69223 6c20476fe6c3408461ce38cbcab6d03b 965b49118115a610e93635d21c5694a8

Email subscription for changes to this article
Save as PDF