The current Internet climate poses serious threats to the Domain Name System. In the interim period before the DNS protocol can be secured more fully@ measures can already be taken to harden the DNS to make 'spoofing' a recursing nameserver many orders of magnitude harder. Even a cryptographically secured DNS benefits from having the ability to discard bogus responses quickly@ as this potentially saves large amounts of computation. By describing certain behavior that has previously not been standardized@ this document sets out how to make the DNS more resilient against accepting incorrect responses. This document updates RFC 2181.