Fix DNS spoofing corruption
Administrators of Windows 2000 DNS services sometimes report a bizarre problem where the service will resolve some domains but not others. Sometimes restarting the DNS service can stave off the problem, but it almost always comes creeping back. This often shows up if you're using the DNS server in-house for things like domain resolution for Web browsers and e-mail. The reason for this is DNS cache pollution through spoofing.
DNS spoofing takes place when non-secure data is sent in response to a DNS query, and can be used to hijack queries and redirect them to a rogue DNS server. As indicated above, they can create other problems as well.
To get rid of DNS corruption of this nature in the Windows 2000 DNS server, fire up REGEDT32 and perform the following steps:
- Navigate to the key HKEY_LOCAL_MACHINE\System\CurrentControl\SetServices\DNSParameters
- Add a DWORD with the name SecureResponses and the value 1.
- Quit REGEDT32 and restart DNS.
This setting insures that the data coming in will be secure.
If you are running Windows NT 4.0, you can insert the same key in the same location as well, although the name still has to be SecureResponses (one word).
Windows 2000 also allows you to do this through the DNS Management Console. Right-click on the DNS server in the left-hand side of the DNS Management
Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter.
Microsoft Windows 2000 DNS: Implementation and Administration
by Kevin Kocis
Online Price: $31.99
Publisher Name: SAMS Publishing
Date published: October 2001
This book focuses on the implementation and interoperability of Windows 2000 DNS with other current DNS architectures. Most DNS implementations are UNIX-based (BIND) and MS administrators will need to acquire stronger knowledge in this area. This book will focus on integration and less about Microsoft positioning (i.e. the shortcomings of different DNS models and how Microsoft tries to be "cutting edge".)
This was first published in December 2001