DNS UDP Ports

  • Question

  • Hi,

    This document specifies that a random port numbered 49152 or above is used for responses to remote DNS servers: https://technet.microsoft.com/en-us/library/dd197515%28v=ws.10%29.aspx

    But when I checked our firewall logs I noticed that this Microsoft 2012 R2 DNS server answers using random ports around UDP 10000-12000 for zone transfers to a PowerDNS Linux-based DNS server. The zone transfer failed until I also allowed the UDP ports below 49152.

    Why does the Microsoft DNS server answer with UDP ports below 49152? And is there a way to force it to use the standard or fixed ports?

    Thank you


    Wednesday, December 16, 2015 3:42 PM

Answers

  • It was a firewall issue where the session was terminated due to a wrong configuration. Problem solved.
    • Marked as answer by WiVM Friday, December 18, 2015 10:17 PM
    Friday, December 18, 2015 10:17 PM

All replies

  • A DNS server listens for requests on port 53 (both UDP and TCP).
    So all DNS requests are sent to port 53, usually from an application port (>1023).

    Well Known Ports: 0 through 1023.
    Registered Ports: 1024 through 49151.
    Dynamic/Private : 49152 through 65535.

    TCP/IP port numbers are often categorized as either "server ports" (1 to 1023), or "application ports" (>1023).
    Most server programs listen for requests on a "server port", and client programs (applications) communicate with the server from a random "application port".

    Unfortunately you can't restrict which port an application sends from, unless the application itself has a configuration option to send requests from a specific port.


    Mai Ali | My blog: Technical | Twitter: Mai Ali

    • Proposed as answer by Hello_2018 Thursday, December 17, 2015 9:26 AM
    • Unproposed as answer by WiVM Thursday, December 17, 2015 10:32 AM
    Wednesday, December 16, 2015 7:42 PM
  • Hi WiVM,

    >>Why does the Microsoft DNS server answer with UDP ports below 49152?

    Windows Server 2008 and Windows Server 2008 R2 have increased the dynamic client port range for outgoing connections. The new default start port is 49152, and the default end port is 65535.

    This change was made to comply with Internet Assigned Numbers Authority (IANA) recommendations.

    For more related information, please refer to link below:

    https://support.microsoft.com/en-us/kb/929851

    https://support.microsoft.com/en-us/kb/832017

    >>And is there a way to force it to use the standard or fixed ports?

    So you can't force it to use standard or fixed ports.

    For more information about IANA port-assignment standards, go to the following IANA website:

    Best regards,


    Andy_Pan

    Thursday, December 17, 2015 9:26 AM
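As an added example (not code from any poster in this thread), the following Python script applies the port-range table from Mai Ali's reply and the 49152 default from Andy_Pan's reply to firewall log lines: it parses each UDP line, decides from which side carries port 53 whether the packet is a query or a response, and reports the IANA category of the non-53 (ephemeral) port and whether it falls below the Windows dynamic range. The log format, addresses and ports are constructed for the example and are assumptions, not the original poster's firewall output. On the first sample line (port 53 to port 13524, mirroring what the original poster saw), the ephemeral port is on the peer that originated the query, which is the detail to check when reviewing the rule that allows the reply back.

```python
"""Classify UDP DNS flows from firewall log lines by IANA port range and
by direction (query vs. response), using which side carries port 53.
Added example; log format and addresses below are constructed."""
import re
from dataclasses import dataclass
from typing import List, Optional

# IANA port ranges as listed in the thread.
PORT_RANGES = (
    (0, 1023, "well-known"),
    (1024, 49151, "registered"),
    (49152, 65535, "dynamic/private"),
)

# Default start of the Windows dynamic client port range (Server 2008 and later).
WINDOWS_DYNAMIC_START = 49152

# Assumed generic "key=value" firewall log layout (constructed for this example).
LOG_RE = re.compile(
    r"proto=(?P<proto>\w+)\s+src=(?P<src>[\d.]+):(?P<sport>\d+)"
    r"\s+dst=(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def port_category(port: int) -> str:
    """Return the IANA range name for a port number."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    for low, high, name in PORT_RANGES:
        if low <= port <= high:
            return name
    raise AssertionError("unreachable: ranges cover 0-65535")


@dataclass
class DnsFlow:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str                    # query, response, server-to-server, not-dns
    ephemeral_port: Optional[int]     # the non-53 side, if exactly one side is 53
    ephemeral_category: Optional[str]
    below_windows_dynamic: bool       # ephemeral port < 49152?


def classify_line(line: str) -> Optional[DnsFlow]:
    """Parse one log line; return None for non-matching or non-UDP lines."""
    m = LOG_RE.search(line)
    if not m or m["proto"].upper() != "UDP":
        return None
    sport, dport = int(m["sport"]), int(m["dport"])
    if sport == 53 and dport == 53:
        direction, eph = "server-to-server", None
    elif dport == 53:
        direction, eph = "query", sport          # client's source port
    elif sport == 53:
        direction, eph = "response", dport       # reply back to the querier's port
    else:
        direction, eph = "not-dns", None
    return DnsFlow(
        src=m["src"], sport=sport, dst=m["dst"], dport=dport,
        direction=direction,
        ephemeral_port=eph,
        ephemeral_category=port_category(eph) if eph is not None else None,
        below_windows_dynamic=eph is not None and eph < WINDOWS_DYNAMIC_START,
    )


def summarize(log_text: str) -> List[DnsFlow]:
    """Classify every UDP DNS line in a log excerpt."""
    return [f for f in (classify_line(l) for l in log_text.splitlines()) if f]


# Constructed sample lines: 192.0.2.10 plays the Windows DNS server,
# 198.51.100.20 the Linux secondary. The TCP line is ignored by design.
SAMPLE_LOG = """\
2015-12-16T15:40:01 action=allow proto=UDP src=192.0.2.10:53 dst=198.51.100.20:13524
2015-12-16T15:40:01 action=allow proto=UDP src=198.51.100.20:13524 dst=192.0.2.10:53
2015-12-16T15:40:02 action=allow proto=UDP src=192.0.2.10:50211 dst=198.51.100.20:53
2015-12-16T15:40:03 action=allow proto=TCP src=198.51.100.20:41000 dst=192.0.2.10:53
2015-12-16T15:40:04 action=deny proto=UDP src=192.0.2.10:53 dst=198.51.100.20:53
"""

if __name__ == "__main__":
    for flow in summarize(SAMPLE_LOG):
        print(f"{flow.src}:{flow.sport} -> {flow.dst}:{flow.dport}  "
              f"{flow.direction:17} ephemeral={flow.ephemeral_port} "
              f"({flow.ephemeral_category}) below49152={flow.below_windows_dynamic}")
```

The script deliberately does not say which host chose the ephemeral port; it only tells you which side it is on. A response from port 53 to a port in the registered range is the normal shape of a reply to a query that the peer sent from that port, so a stateful firewall should admit it as part of the existing session rather than needing a standalone inbound rule.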
  • In my case it is a port LOWER than 49152. This is actually my problem. It is a standard DNS 2012 R2 installation on a new server, fully patched. Nothing special.

    It is just a zone transfer to a Linux server over the internet. The Windows DNS server x.x.x.x is the primary DNS server. On the firewall I see the source port x.x.x.x:53 but the destination is for example y.y.y.y:13524 (UDP), where y.y.y.y is the IP of the Linux DNS server getting the update for the zone transfer. I would expect something above 49152.



    • Edited by WiVM Thursday, December 17, 2015 11:00 AM
    Thursday, December 17, 2015 10:47 AM