Skip navigation
Menu
Compute Engines

How can I ensure that the DNS resolver uses only results from queried DNS servers?

A. By default, if a client requests name resolution, the client will accept any response with the correct query ID, regardless of where the response is from. This behavior could lead to security problems if a rogue process that deliberately returns incorrect information exists on a system. To force the DNS resolver to match the source IP address of the response with the DNS servers that the DNS resolver queried, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe) on each client machine.
  2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters registry subkey.
  3. From the Edit menu, select New, DWORD Value.
  4. Enter the name QueryIpMatching, then press Enter.
  5. Double-click the new value, set it to 1, then click OK.
  6. Close the registry editor.
  7. Reboot the machine for the change to take effect.
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
empty cockpit of autonomous car
What Is a Real-Time Operating System, and Who Needs One?
Mar 05, 2024
ERP button on keyboard
5 ERP Trends to Watch in 2024
Jan 17, 2024
automation key on keyboard
Storage Management as a Case Study for Network Automation Adoption
Dec 21, 2023
Abstract technology concept lighting effect on dark blue background
Top 10 Stories About Compute Engines, Linux in 2023
Dec 18, 2023