Registry key for "QueryIpMatching"

From: Makoto Shiotsuki
Date: 07/30/02

Date: Tue, 30 Jul 2002 13:30:41 +0900
From: Makoto Shiotsuki

As described in CERT Vulnerability Note VU#458659, there is
a registry entry, "QueryIpMatching", that prevents the W2K DNS resolver
from accepting responses from non-queried DNS servers.

Many documents, including VU#458659, ISS X-Force#4280, and DNS
white papers from Microsoft, indicate that the registry location
for "QueryIpMatching" is:


But as far as another person and I have tested, the correct location is:


This registry location (...\Tcpip\Parameters) is described in
"Microsoft Windows 2000 TCP/IP Implementation Details".

I hope this confusion will be cleared up.


  CERT/CC Vulnerability Note VU#458659

  ISS X-Force win2k-dns-resolver (4280)

  DNS Caching, Network Prioritization, and Security

  Microsoft Windows 2000 TCP/IP Implementation Details

(Thanks Noda-san for the testing ;)

Makoto Shiotsuki