13.17. Preventing Cache Pollution on DNS Servers
You want to prevent the DNS cache on a name server from becoming polluted with false information.
Using a graphical user interface
Open the DNS snap-in and connect to the name server you want to manage.
Right-click on the name server node and select Properties.
Select the Advanced tab.
Select the checkbox labeled Secure against cache pollution.
Using a command-line interface
The following command adds the value SecureResponses to the HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters registry key and assigns it a value of 1:
> reg add HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters /v SecureResponses /t REG_DWORD /d 1
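You can set the same registry value with the following VBScript code:
' Write SecureResponses = 1 (DWORD) under the DNS Parameters key.
' The trailing backslash makes the key path and value name join correctly.
set objWSHShell = CreateObject("WScript.Shell")
strRegKey = "HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters\"
objWSHShell.RegWrite strRegKey & "SecureResponses", 1, "REG_DWORD"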
A related task you can perform with VBScript is clearing the DNS cache of resource records. The following code uses WMI to clear the DNS cache on the current computer:
' Connect to the MicrosoftDNS WMI namespace on the local computer
strComputer = "."
set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\MicrosoftDNS")
set colItems = objWMI.ExecQuery("Select * From MicrosoftDNS_Cache")
' Clear every cache instance the query returns
for each objItem in colItems
    objItem.ClearCache( )
next
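To confirm that the SecureResponses value is actually in place on more than one name server, the following PowerShell script reads it from each server's registry and reports the state. It is an added example, not code from the original recipe. The server names are constructed placeholders, and it assumes the Remote Registry service is reachable on each server.

```powershell
# Added example (not from the original recipe): report whether
# SecureResponses is set on each DNS server in $Servers.
# Assumptions: the server names are constructed placeholders, and the
# Remote Registry service is reachable on each server.
$Servers = 'dns01.example.com', 'dns02.example.com'
$KeyPath = 'SYSTEM\CurrentControlSet\Services\DNS\Parameters'

function Get-SecureResponsesState {
    param([Parameter(Mandatory)][string]$ComputerName)

    $hive = $null
    $key  = $null
    try {
        $hive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
        $key = $hive.OpenSubKey($KeyPath)   # opened read-only
        if ($null -eq $key) { return 'KeyNotFound' }

        # GetValue returns the supplied default ($null) when the value is absent.
        $value = $key.GetValue('SecureResponses', $null)
        if ($null -eq $value)  { return 'NotSet' }
        if ([int]$value -eq 1) { return 'Enabled' }
        return "NotEnabled (value $value)"
    }
    catch {
        # Unreachable host, access denied, or an unexpected value type.
        return "Error: $($_.Exception.Message)"
    }
    finally {
        if ($key)  { $key.Close() }
        if ($hive) { $hive.Close() }
    }
}

foreach ($server in $Servers) {
    [pscustomobject]@{
        Server          = $server
        SecureResponses = Get-SecureResponsesState -ComputerName $server
    }
}
```

A result of NotSet means the value has never been written under the Parameters key, so the server is running with whatever its built-in default is.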
The DNS Server cache is used to temporarily store the result of DNS queries from clients so that if the same query is received within a short time ...