DNS Settings



Multiple DNS implementations vulnerable to cache poisoning

In response to the above security vulnerability, I'm trying to manually
configure a WinXP machine to query OpenDNS servers (or any other DNS server
that's been patched).

I'm doing this because the WinXP machine is currently using the ISP's DNS server
and they haven't done anything to fix the problem. I doubt they will patch
their DNS servers anytime soon (I'm talking about an ISP in a 3rd world

If I configure my TCP/IP settings to use primary/secondary DNS from OpenDNS,
what will happen? Will XP 'ask' the primary DNS and, if that fails, will XP then
'ask' the secondary DNS? If both fail, will I get an "unknown URL" message?

Does anyone know how WinXP DNS resolution behaves? I'd like to be sure that
my WinXP machine only queries DNS servers that I tell it to use. I don't
want it to failover to some unpatched DNS servers out there on the web and
get a bogus result.



Thanks, but this is actually a WinXP question. I'd like to know how WinXP name
resolution works.

Gary S. Terhune

Yeah, I realized that after I sent, but I was on my way out the door. And
while I don't know how DNS requests get handled after those two are tried
(look for another DNS server or display "Can't be found" error?) it did
occur to me as I was riding down the road that if you have broadband, you'll
also want to check the settings in the modem and/or router (or whatever you
have) to see that all of their DNS settings are also set to OpenDNS servers.
If your XP doesn't stop after the secondary DNS in TCP/IP settings, the next
place I would bet it looks is the default gateway, which gets its DNS data
from the ISP.

