Go Back   TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Become a Member!
Forgot your username/password?
Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



dns.exe 2500 open ports in netstat -ab

Windows Server Help


Reply
 
Thread Tools Search this Thread
  #16  
Old 22-07-2008
Ace Fekay [MVP]
 
Posts: n/a
Re: dns.exe 2500 open ports in netstat -ab

In news:e8BT7jj6IHA.3480@TK2MSFTNGP03.phx.gbl,
Ace Fekay [MVP] <PleaseAskMe@SomeDomain.com> typed:
>
> I'm starting to think it's related to DNS where the system will
> reserve empheral ports and they show up as what you're seeing. Not
> sure. Haven't heard back anything yet. But take a look at this
> article. This shows how to reserve them and the DNS updates may just
> be doing that. Reserved ports are probably showing up as what you're
> seeing. This is just speculation. I'll let you know if I hear
> anything that I can post.
> Ace


Oops, I forgot to post the articles. in addition, I am also speculating this
will not show as a performance hit, rather it is just displaying which ports
are reserved, but not necessarily in use. As I said, this is just
speculation.

MS08-037: Vulnerabilities in DNS could allow spoofing
http://support.microsoft.com/default.aspx/kb/953230

How to reserve a range of ephemeral ports on a computer that is running
Windows Server 2003 or Windows 2000 Server
http://support.microsoft.com/kb/812873

Ace


Reply With Quote
  #17  
Old 22-07-2008
ThorstenK
 
Posts: n/a
Re: dns.exe 2500 open ports in netstat -ab

yeah thanks!

the good old: "this behavior is by design" :)

"Griff" wrote:

> Thanks Alun!
>
> "Alun Jones" wrote:
>
> > "ThorstenK" <ThorstenK@discussions.microsoft.com> wrote in message
> > news:0681E707-A0C5-4815-8C6B-B7DCD50E65D7@microsoft.com...
> > > On one Domaincontroller in a child domain i see 2500 open ports from
> > > dns.exe.
> > > No remote address and no status.
> > > I havent seen that before and its not like that on another DC.
> > > i already rebooted but it comes back. when i restart DNS Server Service
> > > they
> > > all open imediately.

> >
> > As crazy as it sounds, this is normal behaviour of the patch for MS08-037 -
> > http://support.microsoft.com/kb/953230
> >
> > The DNS server reserves 2500 UDP sockets at random ports - opens and binds
> > to them for use later.
> >
> > There are reports that sometimes these ports conflict with other
> > applications that start up after the DNS server.
> >
> > For such applications, you can set the ReservedPorts registry setting, as
> > described in http://support.microsoft.com/kb/812873.
> >
> > Alun.
> > ~~~~
> > --
> > Texas Imperial Software | Web: http://www.wftpd.com/
> > 23921 57th Ave SE | Blog: http://msmvps.com/alunj/
> > Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
> > Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
> >
> >

Reply With Quote
  #18  
Old 28-07-2008
Sil Grouwstra
 
Posts: n/a
KB951746

update kb951746, dns.exe consumes lots of more memory than i'am used to. 36.332K instead of 7,308K
Reply With Quote
  #19  
Old 29-07-2008
Ace Fekay [MVP]
 
Posts: n/a
Re: KB951746

In news:2008728113922grouwstra@sigris.nl,
Sil Grouwstra <Sil Grouwstra> typed:
> update kb951746, dns.exe consumes lots of more memory than i'am used
> to. 36.332K instead of 7,308K


Thanks. Didn't even realize that one.

Ace


Reply With Quote
  #20  
Old 29-07-2008
Ace Fekay [MVP]
 
Posts: n/a
Re: KB951746

In news:eOL3CvQ8IHA.2416@TK2MSFTNGP02.phx.gbl,
Ace Fekay [MVP] <PleaseAskMe@SomeDomain.com> typed:
> In news:2008728113922grouwstra@sigris.nl,
> Sil Grouwstra <Sil Grouwstra> typed:
> > update kb951746, dns.exe consumes lots of more memory than i'am used
> > to. 36.332K instead of 7,308K

>
> Thanks. Didn't even realize that one.
>
> Ace


After thinking about it afterwards, the hotfix is reserving 2500 ports to
eliminate empheral port randomization to eliminate the vulnerability, but in
reserving the ports, it has to store them somewhere, which of course would
make sense in the dns.exe process, therefore requiring more RAM in doing
therefore explains what you are seeing in increased RAM usage.

Ace


Reply With Quote
  #21  
Old 30-07-2008
Alun Jones
 
Posts: n/a
Re: dns.exe 2500 open ports in netstat -ab

I was beginning to think my post hadn't gone anywhere, because it wasn't
showing up in Windows Live Mail.

Alun.
~~~~
--
Texas Imperial Software | Web: http://www.wftpd.com/
23921 57th Ave SE | Blog: http://msmvps.com/alunj/
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.

"ThorstenK" <ThorstenK@discussions.microsoft.com> wrote in message
news:CDFF97C1-AC2D-4CF9-A084-43C903E0AC96@microsoft.com...
> yeah thanks!
>
> the good old: "this behavior is by design" :)
>
> "Griff" wrote:
>
>> Thanks Alun!
>>
>> "Alun Jones" wrote:
>>
>> > "ThorstenK" <ThorstenK@discussions.microsoft.com> wrote in message
>> > news:0681E707-A0C5-4815-8C6B-B7DCD50E65D7@microsoft.com...
>> > > On one Domaincontroller in a child domain i see 2500 open ports from
>> > > dns.exe.
>> > > No remote address and no status.
>> > > I havent seen that before and its not like that on another DC.
>> > > i already rebooted but it comes back. when i restart DNS Server
>> > > Service
>> > > they
>> > > all open imediately.
>> >
>> > As crazy as it sounds, this is normal behaviour of the patch for
>> > MS08-037 -
>> > http://support.microsoft.com/kb/953230
>> >
>> > The DNS server reserves 2500 UDP sockets at random ports - opens and
>> > binds
>> > to them for use later.
>> >
>> > There are reports that sometimes these ports conflict with other
>> > applications that start up after the DNS server.
>> >
>> > For such applications, you can set the ReservedPorts registry setting,
>> > as
>> > described in http://support.microsoft.com/kb/812873.
>> >
>> > Alun.
>> > ~~~~
>> > --
>> > Texas Imperial Software | Web: http://www.wftpd.com/
>> > 23921 57th Ave SE | Blog: http://msmvps.com/alunj/
>> > Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
>> > Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD
>> > Explorer.
>> >
>> >

Reply With Quote
  #22  
Old 26-08-2008
Mango Tango
 
Posts: n/a
dns.exe 2500 open ports in netstat -ab

worth noting is that the port range you'll see in TCPVIEW is 49xxx and above -- supposedly only related to what you should see with Server 2008 or Vista. Maybe that's part of the problem. We are Win2K3 and have the 2500 ports open too...

- Mango
Reply With Quote
  #23  
Old 26-08-2008
Ace Fekay [MVP Direcrtory Services]
 
Posts: n/a
Re: dns.exe 2500 open ports in netstat -ab

> worth noting is that the port range you'll see in TCPVIEW is 49xxx
> and above -- supposedly only related to what you should see with
> Server 2008 or Vista. Maybe that's part of the problem. We are Win2K3
> and have the 2500 ports open too...
>
> - Mango



Is it causing any problems with other apps?

Ace

Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Tags: , , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "dns.exe 2500 open ports in netstat -ab"
Thread Thread Starter Forum Replies Last Post
How to open the same ports on multiple IPs brynhildur Networking & Security 4 10-12-2010 10:11 AM
Can't get into http:/192.168.1.1 to open ports ANSEL Networking & Security 4 15-06-2010 01:30 PM
What ports do i open for vpn M. Rafi Networking & Security 3 11-08-2009 07:13 PM
What ports should I open and how cobrakaun Networking & Security 5 03-02-2009 11:26 PM
How to open ports? Yaropolk Technology & Internet 3 13-10-2008 07:18 PM


All times are GMT +5.5. The time now is 11:10 AM.