It's possible for a malicious program, such as a virus or worm, to provide false information to the DNS client.
Usually, every client that requires the resolution of a name accepts any answer to its query that carries the correct ID, without verifying where the response comes from.
This could become a problem because any attacker could create programs to disrupt the proper operation of the name resolution service.
To force the DNS resolver service on our clients to verify that DNS server answers come from the IP addresses to which the client sent the query, run regedit.exe and select the following key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
Edit or create (if it doesn't exist) the following value:
"QueryIpMatching"=dword:1

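The same setting can be audited and applied from PowerShell instead of regedit.exe. This is an added example, not part of the original tip: the function name Test-DnsQueryIpMatching and its -Enforce switch are hypothetical, and only the key path and value name come from the text above. Writing the value requires an elevated session.

```powershell
# Added example: report whether QueryIpMatching is set to DWORD 1 and, with
# -Enforce, create or correct it. Function and switch names are hypothetical.
function Test-DnsQueryIpMatching {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Enforce   # without -Enforce the function only reports
    )

    $keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
    $valueName = 'QueryIpMatching'
    $wanted    = 1
    $dword     = [Microsoft.Win32.RegistryValueKind]::DWord

    if (-not (Test-Path -LiteralPath $keyPath)) {
        throw "Registry key not found: $keyPath"
    }

    # Read both the data and the type: a REG_SZ "1" is not the same as DWORD 1.
    $key     = Get-Item -LiteralPath $keyPath
    $current = $key.GetValue($valueName, $null)
    $kind    = if ($null -ne $current) { $key.GetValueKind($valueName) } else { $null }
    $ok      = ($kind -eq $dword) -and ($current -eq $wanted)
    $changed = $false

    if (-not $ok -and $Enforce -and
        $PSCmdlet.ShouldProcess("$keyPath\$valueName", "Set DWORD $wanted")) {
        # -Force overwrites an existing value, including one of the wrong type.
        New-ItemProperty -LiteralPath $keyPath -Name $valueName `
            -PropertyType DWord -Value $wanted -Force | Out-Null
        $key     = Get-Item -LiteralPath $keyPath
        $current = $key.GetValue($valueName, $null)
        $kind    = $key.GetValueKind($valueName)
        $ok      = ($kind -eq $dword) -and ($current -eq $wanted)
        $changed = $true
    }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Value     = $current      # $null when the value does not exist
        Kind      = $kind
        Compliant = $ok
        Changed   = $changed
    }
}

Test-DnsQueryIpMatching            # audit only
# Test-DnsQueryIpMatching -Enforce -WhatIf   # preview the change before applying it
```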