Registry key for "QueryIpMatching"

From: Makoto Shiotsuki (shio@ST.RIM.OR.JP)
Date: 07/31/02


Date:         Wed, 31 Jul 2002 10:35:54 +0900
From: Makoto Shiotsuki <shio@ST.RIM.OR.JP>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

As described in the CERT Vulnerability Note VU#458659, there is
a registry entry "QueryIpMatching" to prevent the W2K DNS resolver
from accepting responses from non-queried DNS servers.

Many documents including VU#458659, ISS X-Force#4280, and DNS
white papers from Microsoft indicate that the registry location
for "QueryIpMatching" is:

  HKLM\System\CurrentControlSet\Services\Dnscache\Parameters

But as far as I and another person tried, the correct location is:

  HKLM\System\CurrentControlSet\Services\Tcpip\Parameters

This registry location (...\Tcpip\Parameters) is described in
"Microsoft Windows 2000 TCP/IP Implementation Details".

I hope this confusion will be cleared up.

References:

  CERT/CC Vulnerability Note VU#458659
  http://www.kb.cert.org/vuls/id/458659

  ISS X-Force win2k-dns-resolver (4280)
  http://www.iss.net/security_center/static/4280.php

  DNS Caching, Network Prioritization, and Security
  http://www.microsoft.com/technet/prodtechnol/winxppro/reskit/prjj_ipa_vitx.asp

  Microsoft Windows 2000 TCP/IP Implementation Details
  http://www.microsoft.com/TechNet/itsolutions/network/deploy/depovg/tcpip2k.asp

(Thanks Noda-san for the testing ;)

Makoto Shiotsuki
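
An added example, not part of the original message: a Python check that parses a regedit text export and reports whether "QueryIpMatching" is set under the Tcpip key the message found to work, or only under the Dnscache key the advisories cite. It assumes the value is a REG_DWORD with 1 meaning enabled, which the message does not state; the sample exports are constructed.

```python
import re

# Key paths from the message, relative to HKLM\System\CurrentControlSet\Services.
TCPIP = r"tcpip\parameters"        # location the message reports as correct
DNSCACHE = r"dnscache\parameters"  # location cited by the advisories
SERVICES = "hkey_local_machine\\system\\currentcontrolset\\services\\"
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"QueryIpMatching"=dword:([0-9a-f]{8})$', re.I)

def find_query_ip_matching(reg_text):
    """Return {relative key path: int} for every QueryIpMatching DWORD found."""
    found, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1).lower()  # registry paths are case-insensitive
            continue
        value = VALUE.match(line)
        if value and key and key.startswith(SERVICES):
            found[key[len(SERVICES):]] = int(value.group(1), 16)
    return found

def classify(reg_text):
    """'tcpip', 'dnscache-only' or 'not-set' (assumption: 1 means enabled)."""
    found = find_query_ip_matching(reg_text)
    if found.get(TCPIP) == 1:
        return "tcpip"
    if found.get(DNSCACHE) == 1:
        return "dnscache-only"
    return "not-set"

# Constructed sample exports (regedit writes real ones as UTF-16 files,
# so decode with encoding="utf-16" when reading from disk).
DNSCACHE_ONLY = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"QueryIpMatching"=dword:00000001
"""
TCPIP_SET = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"QueryIpMatching"=dword:00000001
"""

if __name__ == "__main__":
    for name, text in (("dnscache sample", DNSCACHE_ONLY), ("tcpip sample", TCPIP_SET)):
        print(name, "->", classify(text))
```

A host that reports "dnscache-only" has the value in the place the advisories name but not in the place the message found to take effect.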


