SecureResponses

HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters

Data type    Range    Default value
REG_DWORD    0 | 1    0

Description

Determines whether the DNS server filters the records it saves in its memory cache in an attempt to eliminate illegitimate records.

The DNS server saves the records of recursive name queries in a memory cache so that it can respond quickly to new queries for the same name. By default, it saves all records. However, if the value of this entry is 1, the DNS server saves only query records for names that are in the same subtree as the server that provided them. For example, the DNS server would save an NS record for ns.reskit.com from the reskit.com server, but would not save the NS record for ns.avionics.com from the reskit.com server. This filtering was designed to minimize the effect of malicious attacks on an Internet server, but it might generate additional network traffic.

Value    Meaning
0        The DNS server saves all name query records in its memory cache. It does not attempt to filter out illegitimate records.
1        The DNS server only saves records of names that are in the same subtree as the name in the original query.
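
The subtree filter described above, sketched in Python as an added example (this is not Microsoft's DNS server code). The function names, the record tuple layout and the sample records are assumptions constructed for illustration; names are compared label by label, so a look-alike such as notreskit.com is not treated as part of reskit.com.

```python
# Added illustration of the SecureResponses subtree filter.
# Not Microsoft's implementation; all names here are hypothetical.

def labels(name):
    """Split a DNS name into lowercase labels, ignoring the trailing root dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def in_subtree(name, zone):
    """True if name equals zone or lies below it, compared label by label."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def filter_for_cache(records, source_zone, secure_responses=1):
    """Return (cached, dropped) for the records of one response.

    records: (owner_name, rtype, rdata) tuples.
    source_zone: zone of the server that provided the response
                 (assumed to be known to the caching server).
    secure_responses: 0 caches everything, 1 applies the subtree filter.
    """
    if secure_responses == 0:
        return list(records), []
    cached, dropped = [], []
    for record in records:
        target = cached if in_subtree(record[0], source_zone) else dropped
        target.append(record)
    return cached, dropped

# Constructed sample: records returned by the reskit.com server.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE = [
    ("ns.reskit.com", "A", "192.0.2.53"),        # same subtree: kept
    ("NS2.Reskit.COM.", "A", "192.0.2.54"),      # case and root dot ignored
    ("ns.avionics.com", "A", "198.51.100.53"),   # other subtree: dropped
    ("www.notreskit.com", "A", "203.0.113.7"),   # string suffix match only
]

if __name__ == "__main__":
    for setting in (0, 1):
        kept, dropped = filter_for_cache(SAMPLE, "reskit.com", setting)
        print(f"SecureResponses={setting}")
        print("  cached :", [r[0] for r in kept])
        print("  dropped:", [r[0] for r in dropped])
```

A plain string suffix test would accept www.notreskit.com here, which is why the comparison works on whole labels.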

Change method

To change the value of this entry, use the DNS console. Right-click the name of a DNS server, and then click the Advanced tab. This entry stores the setting of the Secure cache against pollution check box.

Activation method

DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.