Fix DNS spoofing corruption

How to fix intermittent DNS resolution failures.

 

Serdar Yegulalp

Administrators of Windows 2000 DNS services sometimes report a bizarre problem where the service will resolve some domains but not others. Sometimes restarting the DNS service can stave off the problem, but it almost always comes creeping back. This often shows up if you're using the DNS server in-house for things like domain resolution for Web browsers and e-mail. The reason for this is DNS cache pollution through spoofing.

DNS spoofing takes place when non-secure data is sent in response to a DNS query, and can be used to hijack queries and redirect them to a rogue DNS server. As indicated above, it can create other problems as well.

To get rid of DNS corruption of this nature in the Windows 2000 DNS server, fire up REGEDT32 and perform the following steps:

  1. Navigate to the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters

  2. Add a DWORD with the name SecureResponses and the value 1.

  3. Quit REGEDT32 and restart DNS.

This setting ensures that the data coming in will be secure.

If you are running Windows NT 4.0, you can add the same value in the same location as well, although the name still has to be SecureResponses (one word).

Windows 2000 also allows you to do this through the DNS Management Console. Right-click on the DNS server in the left-hand side of the DNS Management Console, select Properties, select Advanced, and check the "Secure cache against pollution" box.
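To show what this kind of response filtering does, here is an added example (not from the article and not Microsoft's code). It models the rule Microsoft's documentation gives for this option: records whose names fall outside the domain tree being queried are not cached. The `Record` type, the function names and the sample response are constructed for illustration, and passing the zone in as a parameter is a simplifying assumption.

```python
# Added illustration: simplified in-bailiwick filtering of a DNS response
# before it is cached. Names and sample data are hypothetical/constructed.
from typing import NamedTuple


class Record(NamedTuple):
    name: str   # owner name of the resource record
    rtype: str  # record type, e.g. "A" or "NS"
    data: str   # record data


def _labels(name):
    """Lower-case a DNS name and split it into labels, ignoring the root dot."""
    return [label for label in name.lower().rstrip(".").split(".") if label]


def in_domain_tree(name, zone):
    """True when `name` is `zone` itself or a descendant of it.

    Whole labels are compared, so 'notexample.com' is not mistaken
    for part of 'example.com' the way a plain suffix match would be.
    """
    n, z = _labels(name), _labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z


def filter_response(zone, records):
    """Split a response into records safe to cache and records to discard."""
    kept, dropped = [], []
    for rec in records:
        (kept if in_domain_tree(rec.name, zone) else dropped).append(rec)
    return kept, dropped


# Constructed response to a query sent to the example.com name servers.
# The last two records belong to other domain trees and should not be cached.
SAMPLE_RESPONSE = [
    Record("www.example.com", "A", "192.0.2.10"),
    Record("example.com", "NS", "ns1.example.com"),
    Record("ns1.example.com", "A", "192.0.2.53"),
    Record("www.example.net", "A", "203.0.113.66"),
    Record("www.notexample.com", "A", "203.0.113.67"),
]

if __name__ == "__main__":
    kept, dropped = filter_response("example.com", SAMPLE_RESPONSE)
    for rec in kept:
        print("cache  ", rec.name, rec.rtype, rec.data)
    for rec in dropped:
        print("discard", rec.name, rec.rtype, rec.data)
```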


Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter.



This was first published in December 2001
