Microsoft – DNS – Network Port Allocation

 

Background

Trying to determine why our Windows nodes and applications are not able to authenticate against our AD server.

Checked Event Viewer: nothing new, just the same old problems I have yet to fix properly.

Next checked network connections with “netstat -anb” and noticed far more network port allocations than I could shake a stick at.

 

Diagnostics

netstat

Let us get the raw netstat data with “netstat -anb”. The -b switch (show the owning executable) only works from an elevated prompt; without it netstat prints “The requested operation requires elevation”.

  netstat -anb | more

Output:

(screenshot omitted: netstat--plain)

 

How many sockets does dns.exe actually hold? We will use netstat.exe and find.exe: find /c counts matching lines, and with -b each socket is followed by its own “[dns.exe]” line, so the count is a socket count.


  netstat -anb | find /I "dns.exe" /c

Output:

(screenshot omitted: netstat--filter--dns-exe--count)

 

 

Explanation:

  • What in the world are we doing with over 2500 sockets owned by dns.exe?
  • Unfortunately the “Foreign Address” is *:* for all of them
  • And the “State” column is empty as well

Both of those are what netstat always prints for a UDP socket: UDP is connectionless, so a bound UDP socket has no peer and no state. These rows are not 2500 conversations; they are 2500 bound ports. So from netstat alone we cannot see who the server is talking to or how far along any exchange is.
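To get further than the raw count, the following added example (my own illustration, not code from the original post) parses “netstat -ano” output, keeps only the rows owned by the dns.exe process, and breaks them down by protocol, port range and TCP state. It assumes the DNS Server service runs as an image named dns and that the Windows default dynamic port range (49152-65535) is in use; it can also be fed a saved netstat dump for offline analysis.

```powershell
# Added example (not from the original post): summarise the sockets held by
# dns.exe from "netstat -ano". Run from an elevated prompt on the DNS server.
# Assumptions: the DNS Server service runs as the image "dns", and the default
# Windows dynamic port range 49152-65535 is in effect.

function Get-DnsSocketSummary {
    [CmdletBinding()]
    param(
        # Lines of "netstat -ano" output. Defaults to live output; pass captured
        # text to analyse a saved dump offline.
        [string[]]$NetstatLines = (netstat -ano),
        # PID of dns.exe; resolved from the process table when not supplied.
        [int]$DnsPid = (Get-Process -Name dns -ErrorAction Stop).Id
    )

    # netstat -ano columns: Proto, Local Address, Foreign Address, [State], PID.
    # UDP rows have no State column and always show "*:*" as the foreign
    # address, which is exactly what the "-anb" output above looked like.
    $pattern = '^\s*(?<proto>TCP|UDP)\s+(?<local>\S+)\s+(?<foreign>\S+)\s+(?:(?<state>[A-Z_]+)\s+)?(?<pid>\d+)\s*$'

    $rows = foreach ($line in $NetstatLines) {
        if ($line -match $pattern -and [int]$Matches['pid'] -eq $DnsPid) {
            # Local address is "0.0.0.0:53" or "[::]:53"; the port follows the last colon.
            $port = [int]($Matches['local'] -replace '^.*:', '')

            # The socket pool is carved out of the dynamic range; port 53 is the listener.
            if ($port -ge 49152)  { $range = 'dynamic (49152-65535)' }
            elseif ($port -eq 53) { $range = 'port 53 (listener)' }
            else                  { $range = 'other' }

            if ($Matches['state']) { $state = $Matches['state'] } else { $state = 'n/a (UDP)' }

            [pscustomobject]@{
                Proto     = $Matches['proto']
                LocalPort = $port
                Range     = $range
                State     = $state
            }
        }
    }

    $breakdown = $rows | Group-Object Proto, Range, State | ForEach-Object {
        [pscustomobject]@{
            Proto = $_.Group[0].Proto
            Range = $_.Group[0].Range
            State = $_.Group[0].State
            Count = $_.Count
        }
    } | Sort-Object Count -Descending

    [pscustomobject]@{
        DnsPid        = $DnsPid
        TotalSockets  = @($rows).Count
        DistinctPorts = @($rows | Select-Object -ExpandProperty LocalPort -Unique).Count
        Breakdown     = $breakdown
    }
}

# Usage on the server:
#   $s = Get-DnsSocketSummary
#   $s.TotalSockets
#   $s.Breakdown | Format-Table -AutoSize
```

On a server with the default configuration the breakdown is dominated by one group: UDP, dynamic range, no state, with a count close to the socket pool size and one distinct port per socket. A handful of port-53 listeners and a few TCP sockets make up the rest. If the large group were instead TCP sockets in ESTABLISHED or TIME_WAIT, that would point at real traffic rather than the pool.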

 

Remediation – DNS – Network Port Allocation

dnscmd

dnscmd is a very useful tool for inspecting and “fixing” the DNS Server configuration.

 

dnscmd – get socket pool size

Syntax:

   dnscmd /Info /SocketPoolSize

Output:

(screenshot omitted: DNSCmd--Info--SocketPoolSize)

2500 is the default socket pool size on Windows Server 2008 R2 and later, not a symptom of runaway traffic: at start-up the DNS Server service pre-allocates that many UDP sockets on random source ports so that its outbound queries never come from a single predictable port. That pool is the mitigation Microsoft added in 2008 against DNS cache poisoning (the Kaminsky attack), and the number of sockets in it is the number of source ports an attacker has to guess. Shrinking the pool is therefore a trade-off to document, not a free win. The value dnscmd accepts is an integer from 0 to 10000. If the real concern is that the pool collides with ports other services need, dnscmd /Config /SocketPoolExcludedPortRanges keeps specific port ranges out of the pool without reducing its size.

 

dnscmd – set maximum socket pool size

Syntax:

dnscmd /Config /SocketPoolSize pool-size

Sample:

Set a limit of 150

dnscmd /Config /SocketPoolSize 150 

Output:

(screenshot omitted: DNSCMd - Set SocketPool Size)

 

Re-query the setting with dnscmd /Info /SocketPoolSize to confirm the new value was written. Note that dnscmd /Config only updates the stored configuration; the running service keeps the pool it allocated at start-up until it is restarted.

(screenshot omitted: DNSCMD - Requery)

 

 

Apply Changes

DNS Server Restart

Syntax:


net stop dns
net start dns

 

 

Validate Changes

After the DNS Server restart, validate that dns.exe now holds far fewer sockets.

Sample:

netstat -anb | find /I "dns.exe" /c

Output:

(screenshot omitted: DNSNetworkPortPortServicereconfigAndRestart)
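The whole procedure above (read the current pool size, set the new one with dnscmd, restart the service, recount the sockets) as one added PowerShell example of my own, not code from the original post. It assumes an elevated PowerShell session on the DNS server, dnscmd.exe on the path, a service named DNS running as dns.exe, and that the configured value is stored at HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters\SocketPoolSize (with an absent value meaning the 2500 default). It refuses to go below the default unless the caller explicitly accepts the reduced source-port entropy.

```powershell
# Added example (not from the original post): resize the DNS socket pool with
# dnscmd, restart the service and verify the socket count afterwards.
# Assumptions: elevated PowerShell on the DNS server, dnscmd.exe available, the
# service is named "DNS" and runs as dns.exe, and the configured value lives at
# HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters\SocketPoolSize (absent
# means the 2500 default). 0-10000 is the range dnscmd accepts.

$ParametersKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'

function Get-DnsSocketPoolSize {
    # The stored setting; the running service may still be using an older value.
    $v = Get-ItemProperty -Path $ParametersKey -Name SocketPoolSize -ErrorAction SilentlyContinue
    if ($null -eq $v) { 2500 } else { [int]$v.SocketPoolSize }
}

function Get-DnsSocketCount {
    # One "netstat -ano" row per socket owned by dns.exe; every row ends in the PID.
    $dnsPid = (Get-Process -Name dns -ErrorAction Stop).Id
    @(netstat -ano | Where-Object { $_ -match "^\s*(TCP|UDP)\s.*\s$dnsPid\s*$" }).Count
}

function Set-DnsSocketPoolSize {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][ValidateRange(0, 10000)][int]$PoolSize,
        # Shrinking the pool gives up source-port entropy, the defence that makes
        # cache poisoning expensive. Require an explicit opt-in below the default.
        [switch]$AcceptReducedEntropy
    )

    if ($PoolSize -lt 2500 -and -not $AcceptReducedEntropy) {
        throw "Requested pool $PoolSize is below the 2500 default; re-run with -AcceptReducedEntropy if that is intended."
    }

    $before = [pscustomobject]@{ Configured = Get-DnsSocketPoolSize; Sockets = Get-DnsSocketCount }

    if ($PSCmdlet.ShouldProcess('DNS server', "set SocketPoolSize=$PoolSize and restart the DNS service")) {
        # dnscmd writes the stored value only; the running service keeps its current pool.
        $out = dnscmd /Config /SocketPoolSize $PoolSize 2>&1
        if ($LASTEXITCODE -ne 0) { throw "dnscmd failed (exit $LASTEXITCODE): $out" }

        # Only a restart rebuilds the pool. Give the service a moment to allocate it.
        Restart-Service -Name DNS -ErrorAction Stop
        Start-Sleep -Seconds 5
    }

    $after = [pscustomobject]@{ Configured = Get-DnsSocketPoolSize; Sockets = Get-DnsSocketCount }

    [pscustomobject]@{
        Before = $before
        After  = $after
        # Heuristic: the socket count should sit near the configured pool size plus
        # the port-53 listeners. A large gap means the change did not take effect.
        PoolLooksApplied = ([math]::Abs($after.Sockets - $after.Configured) -lt 100)
    }
}

# Usage:
#   Set-DnsSocketPoolSize -PoolSize 150 -AcceptReducedEntropy
#   Set-DnsSocketPoolSize -PoolSize 2500 -WhatIf    # preview restoring the default
```

On Windows Server 2012 and later the same setting is also visible as the SocketPoolSize property of Get-DnsServerSetting -All, which is a convenient cross-check that the registry read above agrees with what the DNS Server module reports.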

 

Acknowledgement

Publicly acknowledging Rickard Nobel. His visible hard work and care is available @ http://rickardnobel.se/.

And, Mattias R Jensen, who took the time to answer a good question about DNS Network Port Allocation on Serverfault.com.

Conclusion

Setting an upper limit on the number of sockets the DNS Server opens does bring the port count down.

The cause of the high count is also clearer now: the DNS Server service builds its socket pool at start-up, sized by SocketPoolSize, regardless of query load. The netstat count therefore says nothing about who is talking to the server. The candidates I originally suspected still deserve a look if the authentication problem persists, but they have to be checked with DNS debug logging (dnscmd /Config /LogLevel) or the DNS Server event log rather than with netstat, since UDP rows never show a foreign address:

  • A misconfigured DNS Server that is having problems communicating internally
  • DNS primary and secondary server topology sync (zone transfer) traffic
  • Peer AD servers registering their records
  • External DNS requests (port exhaustion, DNS update attempts, etc.)

