
Secure the DNS Cache

Published: October 7, 2009

Updated: October 7, 2009

Applies To: Windows Server 2008 R2

Cache pollution occurs when DNS query responses contain nonauthoritative or malicious data. The Secure cache against pollution option prevents an attacker from successfully polluting the cache of a DNS server with resource records that were not requested by the DNS server. Changing this default setting is a security risk that can allow an attacker to insert data into the DNS cache that redirects DNS clients to a malicious site. You can use this procedure to restore the default setting if it was previously changed.

Membership in the Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

  1. Click Start, click Run, type dnsmgmt.msc, and then press ENTER. The DNS Manager console will open.

  2. In the console tree, click the name of the DNS server you wish to configure.

  3. On the Action menu, click Properties.

  4. Click the Advanced tab.

  5. In Server options, select the Secure cache against pollution check box, and then click OK.

Note
The Secure cache against pollution option is enabled by default.
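
The same check and restore can be scripted. The following is an added example, not part of the original Microsoft procedure: it uses `dnscmd.exe` to read the `SecureResponses` server property (the setting behind the Secure cache against pollution check box) and sets it back to 1 where it was turned off. The server names are hypothetical, and the script assumes an elevated PowerShell session on a computer where `dnscmd.exe` is installed.

```powershell
# Audit and restore "Secure cache against pollution" (DNS server property SecureResponses).
# $Servers holds hypothetical names; replace them with your own DNS servers.
$Servers = @('dns01.example.test', 'dns02.example.test')

function Get-SecureResponses {
    param([string]$Server)
    # dnscmd prints the current value as a line such as "Dword:  1 (00000001)".
    $out = & dnscmd.exe $Server /Info /SecureResponses 2>&1
    foreach ($line in $out) {
        if ("$line" -match 'Dword:\s+(\d+)') { return [int]$Matches[1] }
    }
    return $null   # query failed or output not recognised
}

foreach ($s in $Servers) {
    $value = Get-SecureResponses -Server $s
    if ($value -eq $null) {
        $state = 'Unknown (query failed)'
    } elseif ($value -eq 1) {
        $state = 'Enabled'
    } else {
        # Restore the default, then read the value back to confirm the change.
        & dnscmd.exe $s /Config /SecureResponses 1 | Out-Null
        if ((Get-SecureResponses -Server $s) -eq 1) {
            $state = 'Restored'
        } else {
            $state = 'Restore FAILED'
        }
    }
    # One result object per server, suitable for Format-Table or Export-Csv.
    New-Object PSObject -Property @{ Server = $s; SecureCache = $state }
}
```

A result of `Restored` means the option had been disabled on that server, which is worth following up to find out when and why the default was changed.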
