DNS Excessive UDP ports under TCPVIEW
Using sysinternal''s TCPVIEW, I am seeing excessive DNS UDP port allocations. I had seen it late year I believe after a 2003 update and I would swear I downloaded a hotfix to make it go away, but that is not what I saw. So I got the idea that its a MS immediate "stealth" solution for some DNS DoS virus. I have now updated all my machines and its something I would like to address because TCPVIEW is less usable here and I am not sure whether its a performance hit or not. I know there is a lot of material on the subject and its all MIXED UP on what is what. Is it good or bad? But what is the basic issue here? Its a Windows 2003 Enterprise DNS (primary) server all current with security updates as of this Feb 8, 2011. Is this "Stealth" necessary to address this potential DNS virus attack? Other than it being a "eye sore," I don't see anything else on the machine performance wise. Honestly, the material out there is all mixed up on the subject and I always lean on MS based solutions but even those are confusing (when it comes to this particular issue). TIA Hector Santos, http://www.santronics.com Via Wildcat! Live Exchange NNTP Gateway http://opensite.winserver.com
February 8th, 2011 11:14am

This issue is documented here in the "Resource Consumption Issues" section: http://support.microsoft.com/kb/953230 The DNS Server in Windows reserves 2500 sockets for DNS communication. The implementation of the DNS server security update reserves a set of ports. One of the ports is selected randomly for each outgoing DNS query. This design decision was made to address performance concerns for DNS servers that handle and originate a significantly larger number of queries than Windows-based clients. The set of reserved ports that the DNS server reserves is known as a "socket pool." By default, the size of the socket pool on Windows-based servers is 2,500 sockets. To configure this size, change the SocketPoolSize registry entry in the following subkey in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\SocketPoolSize For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base: 956188 You experience issues with UDP-dependent network services after you install DNS Server service security update 953230 (MS08-037) Hope it helps, Patrick
Free Windows Admin Tool Kit Click here and download it now
February 12th, 2011 12:18am

This issue is documented here in the "Resource Consumption Issues" section: http://support.microsoft.com/kb/953230 The DNS Server in Windows reserves 2500 sockets for DNS communication. The implementation of the DNS server security update reserves a set of ports. One of the ports is selected randomly for each outgoing DNS query. This design decision was made to address performance concerns for DNS servers that handle and originate a significantly larger number of queries than Windows-based clients. The set of reserved ports that the DNS server reserves is known as a "socket pool." By default, the size of the socket pool on Windows-based servers is 2,500 sockets. To configure this size, change the SocketPoolSize registry entry in the following subkey in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\SocketPoolSize For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base: 956188 You experience issues with UDP-dependent network services after you install DNS Server service security update 953230 (MS08-037) Hope it helps, Patrick Thanks, I saw these but wasn't quite sure what to do since I don't have any of of the hot fixes and they were not applied during auto update. PSINFO -h doesn't show them and the DNS.EXE and other files listed are newer than what is listed. So I wasn't sure if I already had the current wares and/or the issue still applied. Nonetheless I did set the socket pool size to 200. TCPVIEW is more reasonble now. Hector Santos, http://www.santronics.com Via Wildcat! Live Exchange NNTP Gateway http://opensite.winserver.com
February 12th, 2011 5:08am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics