Tags: dns, ports

#1
DNS Ports open

I have 2003 DNS Server running, and with all the Conficker paranoia, I am reviewing our lock down.

Using TCPVIEW, I see I have these ports open for the DNS.EXE service.

    dns.exe:2456 TCP 0.0.0.0:2316 0.0.0.0:0 LISTENING
    dns.exe:2456 TCP 127.0.0.1:53 0.0.0.0:0 LISTENING
    dns.exe:2456 TCP PUBLIC.IP:53 0.0.0.0:0 LISTENING
    dns.exe:2456 UDP 0.0.0.0:2315 *:*
    dns.exe:2456 UDP 127.0.0.1:53 *:*
    dns.exe:2456 UDP 127.0.0.1:2314 *:*
    dns.exe:2456 UDP PUBLIC.IP:53 *:*

This is a primary server and 53 is open on our public IP. Anything odd here?

Although ports 2314 to 2316 are not open over the wire, I am wondering what they are used for?

    dns.exe:2456 TCP 0.0.0.0:2316 0.0.0.0:0 LISTENING
    dns.exe:2456 UDP 0.0.0.0:2315 *:*
    dns.exe:2456 UDP 127.0.0.1:2314 *:*

Any explanation for these?

Thanks

#2
Re: DNS Ports open

"Mike" <unknown@unknown.tv> wrote in message news:uRSTn2wsJHA.3988@TK2MSFTNGP05.phx.gbl...
> I have 2003 DNS Server running, and with all the Conficker paranoia, I am
> reviewing our lock down.
>
> Using TCPVIEW, I see I have these ports open for the DNS.EXE service.
>
> dns.exe:2456 TCP 0.0.0.0:2316 0.0.0.0:0 LISTENING
> dns.exe:2456 TCP 127.0.0.1:53 0.0.0.0:0 LISTENING
> dns.exe:2456 TCP PUBLIC.IP:53 0.0.0.0:0 LISTENING
> dns.exe:2456 UDP 0.0.0.0:2315 *:*
> dns.exe:2456 UDP 127.0.0.1:53 *:*
> dns.exe:2456 UDP 127.0.0.1:2314 *:*
> dns.exe:2456 UDP PUBLIC.IP:53 *:*
>
> This is a primary server and 53 is open on our public IP. Anything odd
> here?
>
> Although ports 2314 to 2316 are not open over the wire, I am
> wondering what they are used for?
>
> dns.exe:2456 TCP 0.0.0.0:2316 0.0.0.0:0 LISTENING
> dns.exe:2456 UDP 0.0.0.0:2315 *:*
> dns.exe:2456 UDP 127.0.0.1:2314 *:*
>
> Any explanation for these?
>
> Thanks
>
> --

Not at all, if you've installed the DNS hotfix from last July. This is normal. Check out the following for more info:

====================================================================

The DNS patch

The DNS patch released in July, 2008, reserves 2500 ephemeral UDP ports. When you run a netstat -ab, it will display the 2500 UDP ports that have been reserved, but not necessarily in use. This is part of the memory consumption.

I've noticed the following (your mileage may vary):

| dns.exe | Before | After |
| Mem usage | 9758K | 36,232K |
| Peak Mem | 10,208K | 36,584K |
| Paged Pool | 71K | 798K |
| NP Pool | 17K | 4,833K |
| Handles | 238 | 5,217 |
| Threads | 20 | 20 |

MS08-037: Description of the security update for DNS in Windows Server 2003, in Windows XP, and in Windows 2000 Server (client side): July 8, 2008:
http://support.microsoft.com/?id=951748

MS08-037: Vulnerabilities in DNS could allow spoofing
http://support.microsoft.com/default.aspx/kb/953230

How to reserve a range of ephemeral ports on a computer that is running Windows Server 2003 or Windows 2000 Server
http://support.microsoft.com/kb/812873

You experience issues with UDP-dependent network services after you install DNS Server service security update 953230 (MS08-037)
http://support.microsoft.com/default.aspx/kb/956188

Some Services May Fail to Start or May Not Work Properly After Installing MS08-037 (951746 and 951748)
http://blogs.technet.com/sbs/archive...nd-951748.aspx

SBS Services failing after MS08-037 - KB951746 and 951748
http://msmvps.com/blogs/thenakedmvp/...nd-951748.aspx

====================================================================

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.

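A way to sort TCPView lines like those in the first post into the buckets a lock-down review cares about. This is an added example, not part of the thread: `parse` and `review` are hypothetical helper names, and the poster's PUBLIC.IP placeholder is replaced by the constructed address 192.0.2.10.

```python
import re
from collections import namedtuple

# Constructed sample: the TCPView lines from the first post, with
# "PUBLIC.IP" replaced by a documentation address (192.0.2.10).
SAMPLE = """\
dns.exe:2456 TCP 0.0.0.0:2316 0.0.0.0:0 LISTENING
dns.exe:2456 TCP 127.0.0.1:53 0.0.0.0:0 LISTENING
dns.exe:2456 TCP 192.0.2.10:53 0.0.0.0:0 LISTENING
dns.exe:2456 UDP 0.0.0.0:2315 *:*
dns.exe:2456 UDP 127.0.0.1:53 *:*
dns.exe:2456 UDP 127.0.0.1:2314 *:*
dns.exe:2456 UDP 192.0.2.10:53 *:*
"""

Sock = namedtuple("Sock", "proc pid proto addr port")
# process:pid  protocol  local-address:port  remote...
LINE = re.compile(r"^(\S+?):(\d+)\s+(TCP|UDP)\s+(\S+):(\d+)\s")

def parse(text):
    """Turn TCPView-style lines into Sock records; unparsable lines are skipped."""
    socks = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            proc, pid, proto, addr, port = m.groups()
            socks.append(Sock(proc.lower(), int(pid), proto, addr, int(port)))
    return socks

def review(socks, proc="dns.exe", service_port=53):
    """Bucket one process's sockets: the service port, extra sockets bound
    to loopback only, and extra sockets bound to 0.0.0.0 or a routable address."""
    report = {"service": [], "extra_reachable": [], "extra_loopback": []}
    for s in socks:
        if s.proc != proc:
            continue
        if s.port == service_port:
            report["service"].append(s)
        elif s.addr.startswith("127."):
            report["extra_loopback"].append(s)
        else:
            report["extra_reachable"].append(s)
    return report

if __name__ == "__main__":
    for bucket, items in review(parse(SAMPLE)).items():
        for s in items:
            print(f"{bucket:16} {s.proto} {s.addr}:{s.port}")
```

Anything in `extra_reachable` is bound to 0.0.0.0 or a routable address, so it is the firewall, not the bind address, that keeps it off the wire.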
#3
Re: DNS Ports open

"Ace Fekay [Microsoft Certified Trainer]" <aceman@mvps.RemoveThisPart.org> wrote in message news:%23J8rJV1sJHA.1504@TK2MSFTNGP03.phx.gbl...
>> Any explanation for these?
>>
>> Thanks
>>
>> --
>
> Not at all, if you've installed the DNS hotfix from last July. This is
> normal. Check out the following for more info:
..

Typo correction: The sentence:

"> Not at all, if you've installed the DNS hotfix from last July."

Should have read as:

"What you're seeing is normal if you've installed the DNS hotfix from last July."

Ace

#4
Re: DNS Ports open

Ace Fekay [Microsoft Certified Trainer] wrote:
> Typo correction: The sentence:
> "> Not at all, if you've installed the DNS hotfix from last July."
>
> Should have read as:
>
> "What you're seeing is normal if you've installed the DNS hotfix from
> last July."

Yes, everything is current. I think the migration to 2003 DNS is complete now. Been on it the last few weeks and thanks to people like yourself, help clarify a few things.

I appreciate it. :-)

#5
Re: DNS Ports open

In news:Oc8I1y3sJHA.3988@TK2MSFTNGP05.phx.gbl, Mike <unknown@unknown.tv>, posted the following:
> Yes, everything is current. I think the migration to 2003 DNS is
> complete now. Been on it the last few weeks and thanks to people like
> yourself, help clarify a few things.
>
> I appreciate it. :-)

My pleasure, Mike. Post back if you have any other questions.

Cheers!!

Ace