Re: DNS cache poisoning

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 09/29/04


Date: Wed, 29 Sep 2004 15:21:20 GMT

I checked my W2K dns server and it also has secure from cache poisoning
enabled and there is no entry in the registry. You might also want to post
in the win2000.dns newsgroup for advice. Keep in mind that your dns server
and dns clients cache dns responses for a period of time. You can manually
clear the dns cached zone on your server by right clicking cached lookups
and selecting clear cache. Cached lookup zone will not show until you select
view/advanced in the DNS Management Console. You have to use ipconfig
/flushdns to clear client resolver cache and the dns server has a client dns
cache also. If you are using root hints to resolve dns names on your dns
server you may want to try to forward to your ISP dns server and disable
recursion in the forwarders box to slave your dns server to the ISP dns
server. Of course if they are passing the bad info that will not help and
you may want to try root hints instead. Also check your dns zones to make
sure there are no bogus entries added. --- Steve

"Tony Pizzi" <anonymous@discussions.microsoft.com> wrote in message
news:0a6301c4a628$a308ebb0$a401280a@phx.gbl...
> We are running a WIN2K server with DNS that was exploited
> with DNS cache poisoning. It was trying to redirect our
> email to another server. We found what appeared to be a
> fix in the MS knowledgebase article 241352.
> It described the fix as follows:
>
> Windows 2000
> A Windows 2000-based DNS server can filter out the
> responses for these non-secure records.
>
> To enable this feature:
> Start Registry Editor (Regedt32.exe).
> Locate the following key in the registry:
> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters
>
> On the Edit menu, click Add Value, and then add the
> following registry value:
> Value Name: SecureResponses
> Data Type: REG_DWORD
> Value: 1 (To eliminate non-secure data)
>
> Quit Registry Editor.
> By default, this key does not exist and non-secure data is
> not eliminated from responses.
>
> NOTE: On Windows 2000, you can perform the same entry in
> the GUI. Use the following steps to do this:
>
>
> Open DNS Management Console by clicking Start, Programs,
> Administrative Tools, DNS.
> Right click on the server name in the left window pane.
> Choose Properties.
> Choose the Advanced tab.
> Place a check in the box "Secure cache against pollution".
>
> When we checked this on the server there was no value in
> the registry, but when going through the gui the Secure
> cache against pollution box was checked.
> Should there also be a registry setting when this check
> box is enabled?
> Any ideas how this server could get exploited with this
> setting enabled?
>
> Any assistance would be greatly appreciated.
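An audit script for the setting this thread is about, added here as an example and not part of either post. It assumes it runs with administrator rights on the DNS server, that dnscmd.exe is available, and that dnscmd reports a queried DWORD property on a line beginning "Dword:"; the registry path and value name are the ones quoted from KB 241352 above.

```powershell
# Added example (not from the original posts): report the "Secure cache against
# pollution" setting both as the registry value from KB 241352 and as the DNS
# service itself reports it, so a missing registry value can be told apart from
# a disabled setting. Assumes: administrator rights on the DNS server, dnscmd.exe
# present, and dnscmd printing the property as a "Dword:  <n>" line.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName = 'SecureResponses'

function Get-DnsSecurePollutionState {
    # Registry view: $null means the value is absent and the server default applies,
    # which is exactly what the original poster observed.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    $regValue = if ($null -ne $item) { [int]$item.$ValueName } else { $null }

    # Effective view: ask the running DNS service for the same property.
    $effective = $null
    $out = & dnscmd.exe /Info $ValueName 2>$null
    if ($LASTEXITCODE -eq 0) {
        $m = [regex]::Match(($out -join "`n"), 'Dword:\s+(\d+)')
        if ($m.Success) { $effective = [int]$m.Groups[1].Value }
    }

    [pscustomobject]@{
        RegistryValue    = $regValue   # $null = value not present in the registry
        EffectiveSetting = $effective  # 1 = non-secure (out-of-bailiwick) data filtered
        Mismatch         = ($null -ne $regValue -and $null -ne $effective -and
                            $regValue -ne $effective)
    }
}

function Clear-DnsCaches {
    # Server-side cached lookups zone (same as "Clear cache" in the DNS console)
    # followed by the local client resolver cache, as the reply above describes.
    & dnscmd.exe /ClearCache | Out-Null
    & ipconfig.exe /flushdns | Out-Null
}

$state = Get-DnsSecurePollutionState
$state | Format-List
if ($state.RegistryValue -ne 1) {
    Write-Warning "SecureResponses is not explicitly 1 under $KeyPath; set it to 1 to pin the setting instead of relying on the default."
}
```

Run it after the setting has been verified and corrected, then call Clear-DnsCaches so that records cached before the change are not served afterwards.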

