How to Prevent DNS Cache Pollution

ID: Q241352


The information in this article applies to:
  • Microsoft Windows NT Server version 4.0

IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.

SUMMARY

DNS cache pollution can occur if Domain Name System (DNS) "spoofing" has been encountered. The term "spoofing" describes the sending of non-secure data in response to a DNS query. Spoofing can be used to redirect queries to a rogue DNS server and can be malicious in nature.


MORE INFORMATION

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD).

With Windows NT 4.0 Service Pack 4 (SP4) or later, a Windows NT DNS server can filter out the responses for these non-secure records.

To enable this feature:

  1. Start Registry Editor (Regedt32.exe).

  2. Locate the following key in the registry:

     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters

  3. On the Edit menu, click Add Value, and then add the following registry value:

     Value Name: SecureResponses
     Data Type: REG_DWORD
     Value: 1 (To eliminate non-secure data)

  4. Quit Registry Editor.


By default, this value does not exist, and non-secure data is not eliminated from responses.
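
To confirm the setting across several DNS servers, the following added example (not part of the original article and not Microsoft code) checks Regedit.exe text exports of the Parameters key for the SecureResponses value. It assumes the exports use the REGEDIT4 text format; the server names, the sample exports and the ExampleOtherValue name are constructed.

```python
import re

# Key path and value name come from the article; the exports below are constructed.
DNS_PARAMS = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters"
VALUE_NAME = "SecureResponses"

def parse_reg_export(text):
    """Parse REGEDIT4 export text into {key: {value_name: raw_data}}, lowercased."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2).strip()
    return keys

def secure_responses_state(export_text):
    """Return 'enabled', 'disabled', 'missing' or 'wrong-type' for one export."""
    values = parse_reg_export(export_text).get(DNS_PARAMS.lower(), {})
    raw = values.get(VALUE_NAME.lower())
    if raw is None:
        return "missing"      # article: absent by default, nothing is filtered
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m is None:
        return "wrong-type"   # e.g. created as a string instead of REG_DWORD
    # Assumption: any DWORD other than 1 is reported as disabled;
    # the article documents only the value 1.
    return "enabled" if int(m.group(1), 16) == 1 else "disabled"

HEADER = "REGEDIT4\n\n[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\DNS\\Parameters]\n"
SAMPLES = {  # constructed server names and exports
    "dns-a": HEADER + '"SecureResponses"=dword:00000001\n',
    "dns-b": HEADER + '"ExampleOtherValue"=dword:00000001\n',  # hypothetical name
    "dns-c": HEADER + '"SecureResponses"="1"\n',
    "dns-d": HEADER + '"secureresponses"=dword:00000000\n',
}

def audit(samples):
    """Map each server name to the state of its SecureResponses value."""
    return {name: secure_responses_state(text) for name, text in samples.items()}

if __name__ == "__main__":
    for name, state in sorted(audit(SAMPLES).items()):
        print(f"{name}: {state}")
```

Registry key and value names are not case-sensitive, so the comparison is done on lowercased names.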

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
Q198409 Microsoft DNS Server Registry Parameters, Part 2 of 3

Version : winnt:4.0
Platform : winnt
Issue type : kbinfo


Last Reviewed: November 4, 1999
© 2000 Microsoft Corporation. All rights reserved.