DNS server resolves some Internet names incorrectly

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The symptom of this problem is that the Domain Name System (DNS) server stops resolving some Internet names correctly: it returns inaccurate responses for those names or fails to resolve them at all, while other Internet names resolve correctly. The problem may get worse over time. Clearing the DNS server cache, restarting the DNS service, or restarting the DNS server resolves the problem temporarily, but it may recur.

Cause

The DNS server might be experiencing cache pollution. This is caused by the DNS server receiving and caching an inaccurate start of authority (SOA) record for a portion of the Internet namespace. For example:

  1. A DNS server queries a specific name server to resolve host.contoso.com.

  2. The DNS server that is being queried gives a response. Along with the response — in the authority section — it gives an incorrect record for the .com namespace.

  3. This record is cached, and all subsequent queries for names under the com top-level domain either fail to resolve or resolve to an incorrect Internet Protocol (IP) address.
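
The check that prevents this is a bailiwick test: a record returned in the authority or additional section is only cached if its owner name lies within the zone the queried server was consulted for. The following is an added Python example of that test, not code from this article or from Windows DNS; the record names, addresses, and the per-response "bailiwick" field are constructed assumptions.

```python
# Added example: a bailiwick filter of the kind a caching resolver applies to
# resist cache pollution. All names, addresses and records below are constructed.
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass(frozen=True)
class RR:
    name: str    # owner name, e.g. "host.contoso.com."
    rtype: str   # record type, e.g. "A" or "NS"
    rdata: str   # record data as text


@dataclass
class Response:
    qname: str                # name that was queried
    bailiwick: str            # zone the queried server is trusted for (assumed known)
    answer: List[RR] = field(default_factory=list)
    authority: List[RR] = field(default_factory=list)
    additional: List[RR] = field(default_factory=list)


def _norm(name: str) -> str:
    return name.rstrip(".").lower()


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name equals zone or lies beneath it; the root ("." or "") covers all names."""
    n, z = _norm(name), _norm(zone)
    return z == "" or n == z or n.endswith("." + z)


def filter_response(resp: Response) -> Tuple[List[RR], List[RR]]:
    """Split every record of the response into (cacheable, discarded)."""
    cacheable, discarded = [], []
    for section in (resp.answer, resp.authority, resp.additional):
        for rr in section:
            (cacheable if in_bailiwick(rr.name, resp.bailiwick) else discarded).append(rr)
    return cacheable, discarded


def polluted_response() -> Response:
    """Constructed reply matching the Cause section: a correct answer for host.contoso.com
    plus an authority record, with glue, that claims to delegate the whole com namespace."""
    return Response(
        qname="host.contoso.com.", bailiwick="contoso.com.",
        answer=[RR("host.contoso.com.", "A", "192.0.2.10")],
        authority=[RR("com.", "NS", "ns.bogus.example.")],
        additional=[RR("ns.bogus.example.", "A", "203.0.113.5")],
    )


if __name__ == "__main__":
    keep, drop = filter_response(polluted_response())
    print("cached:   ", [(r.name, r.rtype, r.rdata) for r in keep])
    print("discarded:", [(r.name, r.rtype, r.rdata) for r in drop])
```

Only the record for host.contoso.com survives; the com NS record and its glue are discarded because they fall outside contoso.com, which is exactly what would otherwise poison every later query under com.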

Solution

Configure the DNS server for protection against cache pollution by completing the following procedure.

To configure the DNS server for protection against cache pollution

  1. Click Start, point to All Programs, point to Administrative Tools, and then click DNS.

  2. In the console tree, right-click the DNS server that you want to protect against cache pollution, click Properties, and then click the Advanced tab.

  3. Select the Secure cache against pollution check box, and then click OK.