DNS.EXE allocates 5000+ ports immediately

Solution 1:

This is a well-known side effect of the hotfix distributed to address MS08-037, since the hotfix is intended to decrease the predictability of ports used for DNS responses.

You can restrict the amount of ports used by defining a lower Socket Pool Size, as described in this article:

Using dnscmd.exe

  • Open an elevated Command Prompt (Run as Administrator...)
  • Issue dnscmd /Config /SocketPoolSize <value> where <value> is a number between 0 and 10000

Using regedit.exe

  • Open regedit.exe and expand the HKLM hive
  • Navigate to SYSTEM\CurrentControlSet\services\DNS\Parameters
  • If not already present, create a new DWORD value named SocketPoolSize
  • Set a decimal value between 0 and 10000
  • Restart the DNS Server service: net stop dns && net start dns

Be aware that setting the value too low effectively defeats the purpose of MS08-037.

If you're on Windows Server 2008 R2 and just want to make sure that a number of individual UDP endpoints are not used by DNS, you can also specify a list of port ranges to be excluded from use by DNS:

dnscmd /Config /SocketPoolExcludedPortRanges <start>-<end>
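As an added example (not part of the answer above, and not Microsoft's own tooling), the PowerShell script below audits the socket pool setting the answer describes before you change it: it reads SocketPoolSize from the registry path given above, counts the UDP endpoints currently held by dns.exe (so you can confirm the "5000+ ports" symptom for yourself), and only writes a new value and restarts the DNS Server service when run with -Apply. The registry path, value name, the 0 to 10000 range and the dnscmd command are taken from the answer; the 1000-port warning threshold and the 2500 default for -DesiredSize are this example's own assumptions, chosen so that the pool is not shrunk to the point where the MS08-037 randomisation stops being useful. Run it from an elevated PowerShell prompt on the DNS server.

```powershell
# Added example, not code from the original answer.
# Assumes Windows Server 2008 R2 (or later) with the DNS Server role and an
# elevated PowerShell session. Registry location and value name are the ones
# given in the answer; the thresholds below are example values.
param(
    [int]$DesiredSize = 2500,   # size to apply with -Apply (example value, not a documented default)
    [int]$MinimumSane = 1000,   # warn below this: too small a pool weakens the MS08-037 mitigation (example threshold)
    [switch]$Apply              # without this switch the script only reports
)

$RegPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName = 'SocketPoolSize'

function Test-IsElevated {
    # The registry write and the service restart both need an elevated session.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    return $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-DnsSocketPoolSize {
    # Returns the configured DWORD, or $null when the value is absent
    # (absent means the DNS Server is using its built-in default).
    $item = Get-ItemProperty -Path $RegPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Get-DnsUdpEndpointCount {
    # Counts UDP sockets owned by the dns.exe process by parsing netstat,
    # which is available on 2008 R2 where Get-NetUDPEndpoint is not.
    $proc = Get-Process -Name dns -ErrorAction SilentlyContinue
    if ($null -eq $proc) { return 0 }
    $dnsPid = $proc.Id
    $lines  = netstat -ano -p UDP | ForEach-Object { $_.Trim() }
    # netstat rows look like: "UDP    0.0.0.0:53    *:*    1234" (PID last)
    return @($lines | Where-Object { $_ -match "^UDP\s+\S+\s+\S+\s+$dnsPid$" }).Count
}

function Set-DnsSocketPoolSize {
    param([int]$Size)
    if ($Size -lt 0 -or $Size -gt 10000) {
        throw "SocketPoolSize must be between 0 and 10000 (got $Size)."
    }
    if ($Size -lt $MinimumSane) {
        Write-Warning "A pool of $Size ports is below the example threshold of $MinimumSane; this reduces source-port unpredictability."
    }
    # Same effect as: dnscmd /Config /SocketPoolSize <value>
    Set-ItemProperty -Path $RegPath -Name $ValueName -Value $Size -Type DWord
    Restart-Service -Name DNS -Force      # equivalent of: net stop dns && net start dns
}

if (-not (Test-IsElevated)) {
    Write-Error 'Run this script from an elevated PowerShell prompt.'
    exit 1
}

$current = Get-DnsSocketPoolSize
if ($null -eq $current) {
    Write-Host "SocketPoolSize is not set; the DNS Server is using its built-in default."
} else {
    Write-Host "SocketPoolSize is currently $current."
}
Write-Host ("dns.exe currently holds {0} UDP endpoints." -f (Get-DnsUdpEndpointCount))

if ($Apply) {
    Set-DnsSocketPoolSize -Size $DesiredSize
    Write-Host ("SocketPoolSize set to {0}; DNS Server restarted. dns.exe now holds {1} UDP endpoints." -f `
        $DesiredSize, (Get-DnsUdpEndpointCount))
} else {
    Write-Host "Report only. Re-run with -Apply -DesiredSize <0..10000> to change the value."
}
```

Running it without -Apply is safe to repeat and gives you a before-and-after count of dns.exe's UDP endpoints; the endpoint count right after the restart is the easiest way to confirm the new pool size took effect. If you would rather keep specific ports free for other services than shrink the pool, the /SocketPoolExcludedPortRanges option from the answer is the better tool, since it leaves the randomisation pool at full size.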