I originally posted this in the Microsoft Community Forums, but was informed it probably would be better to post it here.
I support a small network of users. Lately, I have been getting emails from upper management about computers/routers that have dns recursion enabled. I have gone out to multiple users and cannot stop the majority of them. I use the nmap tool that tells you if an ip has dns recursion enabled or not.
For some of the users, the problem is the router. It doesn't happen with their computer, but only with their router. I have gone through multiple different routers where I couldn't solve it. I upgraded the firmware, made sure all ip/dns settings for set for dhcp, and checked all settings and found nothing suspicious. Some of the routers had like DoS protection settings that I would try enabling and disabling or dns relay, but that didn't change anything.
Other cases I have user's computers that are coming back as having dns recursion enabled. These computers don't have any servers running, ip/dns settings are all dhcp, and malware scans haven't changed anything.
In all cases, I am able to set my dns server as these user's ip and their ip will resolve all dns requests. Would it be beneficial to know the service that is being reported on their computer, such as bind, dnsmasq, etc? Also, would knowing that help me figure out what is the cause? The nmap tool tells me this.
Also, I was unable to find a good forum to post this in. Didn't seem to fit any of them, but I saw multiple other dns recursion related threads in this forum, so that's why I posted here, even though Windows Server isn't part of the equation.
If anyone has any advice on this as maybe more things for me to try or general guidelines for different cases, it would be greatly appreciated as this is starting to drive me crazy. Thanks.