What Is DNS Recursion And Why Should I care?

Hello and welcome to an occasional post from me, as a direct result of my working life, and some tech tips I come up with now and again to fix things.

DNS recursion is one of those things I came across when moving my web site from an in-house server to a cloud-based much faster server at Vultr, whom I highly recommend if you want a dedicated virtual private server.

I use a Windows-based DNS (Domain Name System) server called Simple DNS. I have used it for years, but only in-house.

When I moved, I got a new IP address for my cloud-based server, as you would. I then found that oddly, some devices, Emma’s Galaxy S5 was one, would not load any web sites, instead giving an error, something to the effect of bad domain config, or DNS Probe Failed, or other such errors.

I was racking my little brain for a couple of weeks over this. I had written to JH Software, the developers of SimpleDNS for support and they had made a couple of suggestions, which didn’t fix the problem. What was odd though is that newer devices like my Nexus 6P and Angie’s iPhone were going on the web with no problem, but maybe a bit slow.

It seemed that telling my router to use Google’s open DNS servers, which do allow recursion, 8.8.8.8 and 8.8.4.4 would work, even for the Galaxy S5, but when I pointed to my own IP address as the primary DNS server from my router, then the S5 couldn’t get out when connected to our wi-fi.

Eventually, I got it. It was DNS recursion. As a security measure, recursion should be disabled on your own DNS server, other than for clients from your own IP address. If recursion is not available to you, then you won’t reach many web sites.

For an explanation of DNS Recursion, please read this article I found here:-

SimpleDNS Recursion

The solution was to go into Tools, Options in SimpleDNS go down to the option called Recursion in the DNS branch and enable recursion from non-local IP addresses, but only for trusted IP’s then add your ISP’s public IP address allocated to you.

I hope this helps some network server admins scratching their heads if they run a DNS server and wondering why they can’t get out on all devices.