Since my test server is behind a NAT device I’m using private IP addresses. DNS settings can be anything but NOT the loopback IP address (127.0.0.1) because we’re setting up an authoritative-only DNS server and not a recursive one.

As I mentioned earlier, we’re configuring an authoritative server, so leaving recursion at its default (which is enabled) will create a vulnerability to DNS DoS attacks.

A child name server, also known as a glue record, looks like a subdomain of the major domain but is the authoritative name server for it.

For example, the domain will have a child name server dns.along with the IP address of the server we’re setting up.

Nowadays all major domain registrars offer managed DNS service along with the domain name(s) you register with them.

You can use them to create most of the commonly used DNS records like A, MX and CNAME, and some even allow you to create AAAA (IPv6), SRV and TXT records.

Open the DNS Manager, right-click the name of your server and click Properties.

But it isn’t done yet: the server still has root DNS servers in its configuration, so it returns the root DNS server details each time it is queried for a nonexistent domain name.

To prevent this we need to create a forward lookup zone with the name “.” (you read that right, it is just a single dot).

While creating records for the domain always remember to use only public IP addresses.

First we’ll be editing the NS and SOA records that were automatically created with this zone.

Right-click “

On the “Dynamic updates” page, leave the defaults and press Next.

Finally, click “Finish”. Now a root zone has been created, so this server will return an NXDOMAIN (non-existent domain) answer whenever a recursive query is made.

When you save this setting you’ll be asked whether you want to remove the private IP address; press “Yes”. At this point DNS Manager will automatically create an A record pointing “dns1.yourdomain.com” to .
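To check the recursion and root-zone steps above from the outside, the following added example (not part of the original tutorial) classifies a DNS reply by its RA flag, response code and first authority record: a referral to the root servers is what the text describes before the “.” zone exists, NXDOMAIN is what it describes afterwards. The function names, the test name `example.invalid` and the sample replies are constructed for illustration.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """A/IN query with RD=1 for a name the server is not authoritative for."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", 1, 1)

def _skip_name(msg, off):
    """Offset just past a DNS name (labels, or a 2-byte compression pointer)."""
    while msg[off] != 0:
        if (msg[off] & 0xC0) == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def assess(msg):
    """Classify a reply: 'recursion-enabled', 'root-referral', 'nxdomain' or 'other'."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                       # skip the question section
        off = _skip_name(msg, off) + 4
    for _ in range(an):                       # skip any answer records
        off = _skip_name(msg, off)
        off += 10 + struct.unpack("!H", msg[off + 8:off + 10])[0]
    root_ns = False
    if ns:                                    # first authority record: owner "." with type NS?
        end = _skip_name(msg, off)
        root_ns = msg[off] == 0 and msg[end:end + 2] == b"\x00\x02"
    if flags & 0x0080:                        # RA bit set: the server offers recursion
        return "recursion-enabled"
    if root_ns:                               # root hints handed back to the client
        return "root-referral"
    return "nxdomain" if (flags & 0x000F) == 3 else "other"

def probe(server, name="example.invalid", timeout=3.0):
    """Send one UDP query to the server being configured and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return assess(s.recv(4096))

# Constructed sample replies (not captured traffic), so the checks run offline.
Q = build_query("example.invalid")[12:]
ROOT_NS = b"\x00" + struct.pack("!HHIH", 2, 1, 3600, 20) + b"\x01a\x0croot-servers\x03net\x00"
ROOT_SOA = b"\x00" + struct.pack("!HHIH", 6, 1, 3600, 22) + b"\x00\x00" + struct.pack("!5I", 1, 900, 600, 86400, 3600)
OPEN_RESOLVER = struct.pack("!6H", 0x1234, 0x8183, 1, 0, 0, 0) + Q
UPWARD_REFERRAL = struct.pack("!6H", 0x1234, 0x8100, 1, 0, 1, 0) + Q + ROOT_NS
AUTHORITATIVE_ONLY = struct.pack("!6H", 0x1234, 0x8503, 1, 0, 1, 0) + Q + ROOT_SOA
```

A result of `recursion-enabled` from `probe()` means recursion is still on; `root-referral` means the “.” zone has not been created yet.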