2.2.2.11 DirectAccess Query IPsec Encryption

Key: Software\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig\{Rule GUID} or System\CurrentControlSet\services\Dnscache\Parameters\DnsPolicyConfig\{Rule GUID}<14>

Value: "DirectAccessQueryIPSECEncryption"

Type: REG_DWORD

Size: 32 bits.

Data: This field is a 32-bit value, which MUST contain one of the following values.

Value

Meaning

0x00000000

No encryption (integrity only) required for IPsec protection of DNS queries.

0x00000001

Low security, which includes DES or AES with key size of 128, 192, or 256 bits, required for IPsec protection of DNS queries.

0x00000002

Medium security, which includes AES with key size of 128, 192, or 256 bits, required for IPsec protection of DNS queries.

0x00000003

High security, which includes AES with key size of 192 or 256 bits, required for IPsec protection of DNS queries.