Re: dns.exe 2500 open ports in netstat -ab
In news:e8BT7jj6IHA.3480@TK2MSFTNGP03.phx.gbl,
Ace Fekay [MVP] <PleaseAskMe@SomeDomain.com> typed:
>
> I'm starting to think it's related to DNS where the system will
> reserve ephemeral ports and they show up as what you're seeing. Not
> sure. Haven't heard back anything yet. But take a look at this
> article. This shows how to reserve them and the DNS updates may just
> be doing that. Reserved ports are probably showing up as what you're
> seeing. This is just speculation. I'll let you know if I hear
> anything that I can post.
> Ace
Oops, I forgot to post the articles. In addition, I am also speculating this
will not show as a performance hit, rather it is just displaying which ports
are reserved, but not necessarily in use. As I said, this is just
speculation.
MS08-037: Vulnerabilities in DNS could allow spoofing
http://support.microsoft.com/default.aspx/kb/953230
How to reserve a range of ephemeral ports on a computer that is running Windows Server 2003 or Windows 2000 Server
http://support.microsoft.com/kb/812873
Ace
Re: dns.exe 2500 open ports in netstat -ab
Yeah, thanks!
The good old: "this behavior is by design" :)
"Griff" wrote:
> Thanks Alun!
>
> "Alun Jones" wrote:
>
> > "ThorstenK" <ThorstenK@discussions.microsoft.com> wrote in message
> > news:0681E707-A0C5-4815-8C6B-B7DCD50E65D7@microsoft.com...
> > > On one domain controller in a child domain I see 2500 open ports from
> > > dns.exe.
> > > No remote address and no status.
> > > I haven't seen that before and it's not like that on another DC.
> > > I already rebooted but it comes back. When I restart DNS Server Service
> > > they all open immediately.
> >
> > As crazy as it sounds, this is normal behaviour of the patch for MS08-037 -
> > http://support.microsoft.com/kb/953230
> >
> > The DNS server reserves 2500 UDP sockets at random ports - opens and binds
> > to them for use later.
> >
> > There are reports that sometimes these ports conflict with other
> > applications that start up after the DNS server.
> >
> > For such applications, you can set the ReservedPorts registry setting, as
> > described in http://support.microsoft.com/kb/812873.
> >
> > Alun.
> > ~~~~
> > --
> > Texas Imperial Software | Web: http://www.wftpd.com/
> > 23921 57th Ave SE | Blog: http://msmvps.com/alunj/
> > Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
> > Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
> >
> >
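The check Alun's reply implies, as an added example that is not part of the thread: given `netstat -ano` text, count the UDP sockets held by the DNS server process and flag application ports that already sit in that pool or are not covered by a ReservedPorts range. The sample output, PID 1512, the application names and the `start-end` range form are assumptions constructed for illustration.

```python
import re

# Constructed sample of `netstat -ano` UDP rows (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  UDP    0.0.0.0:53             *:*                                    1512
  UDP    0.0.0.0:1434           *:*                                    2040
  UDP    0.0.0.0:49152          *:*                                    1512
  UDP    0.0.0.0:50210          *:*                                    1512
  UDP    0.0.0.0:51433          *:*                                    1512
  UDP    [::]:50210             *:*                                    1512
"""

# UDP rows have no State column: proto, local addr:port, foreign addr, PID.
UDP_ROW = re.compile(r"^\s*UDP\s+(\S+):(\d+)\s+\S+\s+(\d+)\s*$")

def udp_ports_by_pid(netstat_text):
    """Map PID -> set of local UDP ports bound by that process."""
    ports = {}
    for line in netstat_text.splitlines():
        m = UDP_ROW.match(line)
        if m:
            ports.setdefault(int(m.group(3)), set()).add(int(m.group(2)))
    return ports

def parse_ranges(entries):
    """Parse 'start-end' strings (range form assumed for ReservedPorts entries)."""
    out = []
    for entry in entries:
        lo, hi = (int(x) for x in entry.split("-"))
        if not 0 < lo <= hi <= 65535:
            raise ValueError("bad port range: %r" % entry)
        out.append((lo, hi))
    return out

def audit(netstat_text, dns_pid, app_ports, reserved_entries):
    """app_ports: {name: UDP port an application binds after DNS has started}."""
    # Port 53 is the service listener, not part of the pre-bound socket pool.
    pool = udp_ports_by_pid(netstat_text).get(dns_pid, set()) - {53}
    ranges = parse_ranges(reserved_entries)
    covered = lambda p: any(lo <= p <= hi for lo, hi in ranges)
    return {
        "dns_pool_size": len(pool),  # about 2500 on a patched server, per the thread
        "conflicts": sorted(n for n, p in app_ports.items() if p in pool),
        "unreserved": sorted(n for n, p in app_ports.items() if not covered(p)),
    }
```

A name listed under `conflicts` is an application port the DNS server holds right now; a name under `unreserved` could be taken on a later restart because no range protects it.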
Re: dns.exe 2500 open ports in netstat -ab
I was beginning to think my post hadn't gone anywhere, because it wasn't
showing up in Windows Live Mail.
Alun.
~~~~
--
Texas Imperial Software | Web: http://www.wftpd.com/
23921 57th Ave SE | Blog: http://msmvps.com/alunj/
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
"ThorstenK" <ThorstenK@discussions.microsoft.com> wrote in message
news:CDFF97C1-AC2D-4CF9-A084-43C903E0AC96@microsoft.com...
> Yeah, thanks!
>
> The good old: "this behavior is by design" :)
>
> "Griff" wrote:
>
>> Thanks Alun!
>>
>> "Alun Jones" wrote:
>>
>> > "ThorstenK" <ThorstenK@discussions.microsoft.com> wrote in message
>> > news:0681E707-A0C5-4815-8C6B-B7DCD50E65D7@microsoft.com...
>> > > On one domain controller in a child domain I see 2500 open ports from
>> > > dns.exe.
>> > > No remote address and no status.
>> > > I haven't seen that before and it's not like that on another DC.
>> > > I already rebooted but it comes back. When I restart DNS Server Service
>> > > they all open immediately.
>> >
>> > As crazy as it sounds, this is normal behaviour of the patch for MS08-037 -
>> > http://support.microsoft.com/kb/953230
>> >
>> > The DNS server reserves 2500 UDP sockets at random ports - opens and binds
>> > to them for use later.
>> >
>> > There are reports that sometimes these ports conflict with other
>> > applications that start up after the DNS server.
>> >
>> > For such applications, you can set the ReservedPorts registry setting, as
>> > described in http://support.microsoft.com/kb/812873.
>> >
>> > Alun.
>> > ~~~~
>> > --
>> > Texas Imperial Software | Web: http://www.wftpd.com/
>> > 23921 57th Ave SE | Blog: http://msmvps.com/alunj/
>> > Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
>> > Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
>> >
>> >
dns.exe 2500 open ports in netstat -ab
Worth noting is that the port range you'll see in TCPVIEW is 49xxx and above -- supposedly only related to what you should see with Server 2008 or Vista. Maybe that's part of the problem. We are Win2K3 and have the 2500 ports open too...
- Mango
Re: dns.exe 2500 open ports in netstat -ab
> Worth noting is that the port range you'll see in TCPVIEW is 49xxx
> and above -- supposedly only related to what you should see with
> Server 2008 or Vista. Maybe that's part of the problem. We are Win2K3
> and have the 2500 ports open too...
>
> - Mango
Is it causing any problems with other apps?
Ace