Question : DNS Using Nearly Every Well Known Port

Hi,

While trying to fix a problem with IAS running on our server, I noticed that DNS seems to be using nearly every well known port, from 1000 - upwards.

I first noticed when IAS stopped, and the event log said it couldn't start because the socket was in use. So I used the CurrPorts tool to view the open/listening ports, and found DNS was listening on the same port as IAS (1812). Stopping the DNS server allowed me to start IAS again. However, when I restart DNS, it again grabs nearly every port above 1000, many of which are used by other applications.

I've run CurrPorts on our other DNS server, and this is using just port 53, 1129, 1147 and 4629 in the lower range of ports, as expected. All of the other open/listening ports are above port 49,000, which aren't well known, and so not used by other applications.

This has only happened in the past week; previously IAS was running without any interference from DNS. Why would DNS suddenly start trying to grab all of the ports in the well known range, and how can you reset it to use the upper range?

Thanks

Ben

Answer : DNS Using Nearly Every Well Known Port

A recent security fix to DNS causes it to use a different source port for each reply. One port will appear in the table for each unique DNS query. It will linger for a couple of minutes and then disappear.

The workaround is to reserve the ports for IAS.  See http://www.capslockassassin.com/2009/01/28/ms08-037-causes-port-conflicts-with-dns-and-ias-services/
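The following PowerShell script is an added example, not part of the original question or answer. It does two things an administrator in Ben's position would want: it lists which UDP ports below the ephemeral range the DNS service currently holds and flags any that collide with the RADIUS ports IAS needs, and then it reserves those ports through the `ReservedPorts` value under the TCP/IP parameters key so the DNS socket pool can no longer bind them. It assumes the DNS service process is `dns.exe`, that IAS uses UDP 1812 (authentication) and 1813 (accounting), and that it is run from an elevated prompt; the port numbers and the 49152 boundary are assumptions taken from the question, not values read from the linked article.

```powershell
# Added example (not from the original post). Assumes an elevated PowerShell
# session on the affected Windows DNS server, and IAS/RADIUS on UDP 1812/1813.
$iasPorts = 1812, 1813

# 1. Which UDP ports below the ephemeral range does dns.exe hold right now?
$dnsPid = (Get-Process -Name dns -ErrorAction SilentlyContinue).Id
$udp = netstat -ano -p UDP |
    Where-Object { $_ -match '^\s*UDP' } |
    ForEach-Object {
        # Columns: Proto, Local Address, Foreign Address, PID
        $f = ($_ -split '\s+') | Where-Object { $_ }
        [pscustomobject]@{
            Port = [int](($f[1] -split ':')[-1])   # works for 0.0.0.0:53 and [::]:53
            Pid  = [int]$f[3]
        }
    }
$dnsLow = @($udp | Where-Object { $_.Pid -eq $dnsPid -and $_.Port -lt 49152 })
"DNS (PID $dnsPid) holds $($dnsLow.Count) UDP ports below 49152"
$dnsLow | Where-Object { $iasPorts -contains $_.Port } |
    ForEach-Object { "CONFLICT: DNS currently bound to IAS port $($_.Port)" }

# 2. Reserve the IAS ports so no other service can grab them as an ephemeral port.
#    ReservedPorts is a REG_MULTI_SZ of "low-high" ranges; a reboot is needed
#    before the reservation takes effect.
$key      = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$existing = @((Get-ItemProperty -Path $key -Name ReservedPorts -ErrorAction SilentlyContinue).ReservedPorts)
$wanted   = '1812-1813'
if ($existing -notcontains $wanted) {
    Set-ItemProperty -Path $key -Name ReservedPorts -Value ($existing + $wanted) -Type MultiString
    "Added $wanted to ReservedPorts; restart the server for it to take effect"
} else {
    "$wanted is already reserved"
}
```

The listing step is the quick check that the symptom in the question is really the socket pool and not another process: every entry reported should belong to the DNS PID, and the count should shrink again a few minutes after a burst of queries, matching the "linger for a couple of minutes" behaviour the answer describes. The reservation step is the same workaround the answer points to, expressed as a script; on DNS servers that expose the socket pool exclusion setting (`dnscmd /Config /SocketPoolExcludedPortRanges`), excluding the IAS ports from the DNS side is the more targeted alternative, since it leaves other services' ephemeral port use untouched.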
