Re: DNS cache poisoning
anonymous_at_discussions.microsoft.com
Date: 09/29/04
Date: Wed, 29 Sep 2004 10:01:11 -0700
>-----Original Message-----
>I checked my W2K dns server and it also has secure from cache poisoning
>enabled and there is no entry in the registry. You might also want to post
>in the win2000.dns newsgroup for advice. Keep in mind that your dns server
>and dns clients cache dns responses for a period of time. You can manually
>clear the dns cached zone on your server by right clicking cached lookups
>and selecting clear cache. Cached lookup zone will not show until you select
>view/advanced in the DNS Management Console. You have to use ipconfig
>/flushdns to clear client resolver cache and the dns server has a client dns
>cache also. If you are using root hints to resolve dns names on your dns
>server you may want to try to forward to your ISP dns server and disable
>recursion in the forwarders box to slave your dns server to the ISP dns
>server. Of course if they are passing the bad info that will not help and
>you may want to try root hints instead. Also check your dns zones to make
>sure there are no bogus entries added. --- Steve
>
>
>"Tony Pizzi" <anonymous@discussions.microsoft.com> wrote in message
>news:0a6301c4a628$a308ebb0$a401280a@phx.gbl...
>> We are running a WIN2K server with DNS that was exploited
>> with DNS cache poisoning. It was trying to redirect our
>> email to another server. We found what appeared to be a
>> fix in the MS knowledgebase article 241352.
>> It described the fix as follows:
>>
>> Windows 2000
>> A Windows 2000-based DNS server can filter out the
>> responses for these non-secure records.
>>
>> To enable this feature:
>> Start Registry Editor (Regedt32.exe).
>> Locate the following key in the registry:
>>
>> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters
>>
>> On the Edit menu, click Add Value, and then add the
>> following registry value:
>> Value Name: SecureResponses
>> Data Type: REG_DWORD
>> Value: 1 (To eliminate non-secure data)
>>
>> Quit Registry Editor.
>> By default, this key does not exist and non-secure data is
>> not eliminated from responses.
>>
>> NOTE: On Windows 2000, you can perform the same entry in
>> the GUI. Use the following steps to do this:
>>
>>
>> Open DNS Management Console by clicking Start, Programs,
>> Administrative Tools, DNS.
>> Right click on the server name in the left window pane.
>> Choose Properties.
>> Choose the Advanced tab.
>> Place a check in the box "Secure cache against pollution".
>>
>> When we checked this on the server there was no value in
>> the registry, but when going through the gui the Secure
>> cache against pollution box was checked.
>> Should there also be a registry setting when this check
>> box is enabled?
>> Any ideas how this server could get exploited with this
>> setting enabled?
>>
>> Any assistance would be greatly appreciated.
>
Thanks for the suggestions Steve.
We did clear the cache, but it reappeared again after.
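
Added example, not part of this thread and not Microsoft's code: a simplified sketch of the general idea behind discarding "non-secure" records, where a resolver caches only records whose owner name lies inside the zone it actually queried (a bailiwick check). The rule, the function names and the sample records are constructed assumptions; how the Windows DNS service implements "Secure cache against pollution" is not shown in the thread.

```python
# Added illustration: bailiwick filtering of DNS response records.
# Names, addresses and the record layout are constructed for this example.

def normalize(name):
    """Lower-case a DNS name and drop the trailing dot for comparison."""
    return name.rstrip(".").lower()


def in_bailiwick(owner, zone):
    """True if owner equals zone or is a subdomain of it (label-aligned)."""
    owner, zone = normalize(owner), normalize(zone)
    if zone == "":  # the root zone covers every name
        return True
    # Require a leading dot so "notexample.net" does not match "example.net".
    return owner == zone or owner.endswith("." + zone)


def filter_response(zone, records):
    """Split one response into (cacheable, discarded) record lists.

    zone:    the zone the queried server was asked about (assumed known
             to the resolver from the referral it followed).
    records: (owner, rtype, rdata) tuples from the answer, authority and
             additional sections of that single response.
    """
    cacheable, discarded = [], []
    for rec in records:
        (cacheable if in_bailiwick(rec[0], zone) else discarded).append(rec)
    return cacheable, discarded


# Constructed response to a query for www.example.net sent to a server for
# example.net. The last three records are unrelated to that zone and are the
# kind a pollution filter is meant to keep out of the cache.
SAMPLE = [
    ("www.example.net.", "A", "192.0.2.10"),
    ("example.net.", "NS", "ns1.example.net."),
    ("ns1.example.net.", "A", "192.0.2.53"),
    ("example.com.", "MX", "10 mail.example.com."),
    ("mail.example.com.", "A", "203.0.113.66"),
    ("notexample.net.", "A", "203.0.113.67"),
]

if __name__ == "__main__":
    keep, drop = filter_response("example.net", SAMPLE)
    for rec in keep:
        print("cache  ", rec)
    for rec in drop:
        print("discard", rec)
```

A filter of this kind only covers out-of-zone records in a response; it does nothing about bogus entries already in a zone or bad data passed on by a forwarder, which are the other places Steve's reply suggests checking.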