Preventing the Resolver from Accepting Responses from Non-Queried Servers

By default, the resolver accepts responses from the servers that it did not query. This feature speeds performance but can be a security risk. If you want to disable this feature, add the registry entry QueryIpMatching with the value 1 (REG_DWORD) to the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services \DnsCache\Parameters

Caution

Do not use a registry editor to edit the registry directly unless you have no alternative. The registry editors bypass the standard safeguards provided by administrative tools. These safeguards prevent you from entering conflicting settings or settings that are likely to degrade performance or damage your system. Editing the registry directly can have serious, unexpected consequences that can prevent the system from starting and require that you reinstall Windows 2000. To configure or customize Windows 2000, use the programs in Control Panel or Microsoft Management Console (MMC) whenever possible.