4. Click on the Forwarders tab. Make sure there is not a checkmark in the Do not use
recursion for this domain check box. If this option is selected, the caching-only DNS
server cannot use the root hints list of the root Internet DNS server to resolve Internet
host names. Select this option only if you decide to use a forwarder. In this case, we do
not use a forwarder.
5. Click the Advanced tab. Confirm that there is a checkmark in the Secure cache against
pollution check box. This prevents Internet DNS servers and attackers from inserting
additional records in a DNS response. These additional records could be used as part of
a co-coordinated DNS attack.
ISA Server 2004 Configuration Guide 57