How can I stop DNS Cache pollution?
January 8, 2000
A. DNS cache pollution can occur if Directory Naming Service (DNS) "spoofing" has been encountered. The term "spoofing" describes the sending of non-secure data in response to a DNS query. It can be used to redirect queries to a rogue DNS server and can be malicious in nature.
Windows NT DNS can be configured to filter unsecured records out of responses by performing the following:
1. Start the registry editor (regedit.exe)
2. Move to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters
3. From the Edit menu select New - DWORD value
4. Enter a name of SecureResponses and press Enter
5. Double click the new value and set it to 1. Click OK
The following is taken from Knowledge Base article Q198409, which helps explain this further:
"Examples: DNS server makes MX query for domain.samples.microsoft.com to samples.microsoft.com's DNS server. The samples.microsoft.com DNS server responds but includes A record for A.ROOT-SERVERS.NET giving its own address. The rogue DNS server has then gotten itself set up as a root server in your DNS server's cache. Less malicious, but more common, are referral responses (or direct responses from BIND, see WriteAuthorityNs for discussion) that contain records for the DNS of an ISP: Authority section:
new.samples.microsoft.com NS ns.new.samples.microsoft.com.
new.samples.microsoft.com NS ns.isp.samples.microsoft.com.
Additional section:
ns.new.samples.microsoft.com. A 1.1.1.1
ns.isp.samples.microsoft.com. A 2.2.2.2
NOTE: The address record for the ISP happens to be old/stale. If SecureResponses is on, records that are not in a subtree of the zone queried are eliminated. For example, in the example above, the samples.microsoft.com. DNS server was queried, so all the samples.microsoft.com records are secure, but the ns.isp.microsoft.com. A record is not in the samples.microsoft.com. subtree, and is not cached or returned by the DNS server."
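To make the subtree rule in the Knowledge Base text concrete, here is an added Python model of what SecureResponses does to one response. It is an illustration written for this page, not code from the FAQ or from the Windows NT DNS service. The records are constructed from the KB scenario: the MX answer, the KB's authority and additional sections, the ISP name server record taken in the out-of-subtree form the NOTE describes (ns.isp.microsoft.com.), and a rogue A.ROOT-SERVERS.NET address record. ATTACKER_IP is a placeholder from a documentation range; the record types and data are assumptions for the example.

```python
"""Model of the SecureResponses filter: keep only records that lie inside the
subtree of the zone whose server answered the query, drop everything else."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ResourceRecord:
    name: str     # owner name, e.g. "ns.new.samples.microsoft.com."
    rtype: str    # record type: "A", "NS", "MX", ...
    rdata: str    # record data (address, target name, ...)
    section: str  # "answer", "authority" or "additional"


def labels(name: str) -> list:
    """Split a DNS name into lower-cased labels; "." (the root) gives []."""
    return [lbl.lower() for lbl in name.strip().rstrip(".").split(".") if lbl]


def in_subtree(name: str, zone: str) -> bool:
    """True if `name` is `zone` itself or lies below it.

    Whole labels are compared, so "notsamples.microsoft.com" is NOT under
    "samples.microsoft.com" even though the text ends the same way.
    """
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z


def filter_response(queried_zone: str, records):
    """Apply the SecureResponses rule to one response.

    Returns (kept, dropped): records inside the queried zone's subtree are
    kept; rogue root hints and out-of-zone ISP glue are dropped.
    """
    kept, dropped = [], []
    for rr in records:
        (kept if in_subtree(rr.name, queried_zone) else dropped).append(rr)
    return kept, dropped


def build_cache(queried_zone: str, records, secure_responses: bool) -> dict:
    """Return what the server would cache from the response, keyed by (name, type).

    secure_responses=False models the default (every record cached);
    secure_responses=True models the registry value set to 1.
    """
    cached = filter_response(queried_zone, records)[0] if secure_responses else records
    cache = {}
    for rr in cached:
        cache.setdefault((rr.name.lower(), rr.rtype), []).append(rr.rdata)
    return cache


# Constructed sample: the reply from samples.microsoft.com's server to an MX
# query for domain.samples.microsoft.com. The ISP name server uses the
# out-of-subtree name from the KB note; the last record is the rogue root hint.
ATTACKER_IP = "203.0.113.9"  # placeholder from the TEST-NET-3 documentation range
SAMPLE_RESPONSE = [
    ResourceRecord("domain.samples.microsoft.com.", "MX", "10 mail.domain.samples.microsoft.com.", "answer"),
    ResourceRecord("new.samples.microsoft.com.", "NS", "ns.new.samples.microsoft.com.", "authority"),
    ResourceRecord("new.samples.microsoft.com.", "NS", "ns.isp.microsoft.com.", "authority"),
    ResourceRecord("ns.new.samples.microsoft.com.", "A", "1.1.1.1", "additional"),
    ResourceRecord("ns.isp.microsoft.com.", "A", "2.2.2.2", "additional"),
    ResourceRecord("A.ROOT-SERVERS.NET.", "A", ATTACKER_IP, "additional"),
]

if __name__ == "__main__":
    for flag in (False, True):
        cache = build_cache("samples.microsoft.com.", SAMPLE_RESPONSE, secure_responses=flag)
        print(f"SecureResponses={int(flag)}: cached {sorted(k[0] for k in cache)}")
```

With the flag off, the fake root-server address and the stale ISP glue land in the cache alongside the legitimate records; with it on, only names under samples.microsoft.com survive. The label-wise comparison in in_subtree is the part worth copying: a plain string suffix check would wrongly accept a sibling name such as notsamples.microsoft.com.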