SecureResponses
HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters
Data type |
Range |
Default value |
---|---|---|
REG_DWORD |
0 | 1 |
0 |
Description
Determines whether the Domain Name System (DNS) server tries to eliminate illegitimate records by filtering the records it saves in its memory cache.
The DNS server saves the records of recursive name queries in a memory cache so that it can respond quickly to new queries for the same name. By default, it saves all records. However, if the value of this entry is 1, DNS saves only those query records for names that are in the same subtree as the server that provided them. For example, the DNS server would save an NS (name server) record for ns.reskit.com from the reskit.com server, but it would not save the NS record for ns.avionics.com from the reskit.com server. This filtering is designed to minimize the effect of malicious attacks on an Internet server, but it might generate additional network traffic.
Value |
Meaning |
---|---|
0 |
The DNS server saves all name query records in its memory cache. It does not attempt to filter out illegitimate records. |
1 |
The DNS server saves only those records of names that are in the same subtree as the name in the original query. |
Change method
To change the value of this entry, use the DNS console. Right-click the name of a DNS server, and then click the Advanced tab. This entry stores the setting of the Secure cache against pollution check box.
Activation method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.
Note
Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.