Question
Wednesday, December 16, 2015 3:42 PM
Hi,
This document specifies that a random port numbered 49152 or above is used for responses to a remote DNS server: https://technet.microsoft.com/en-us/library/dd197515%28v=ws.10%29.aspx
But when I check our firewall logs I notice that this Microsoft 2012 R2 DNS server answers with random ports around UDP 10000-12000 for zone transfers to a PowerDNS Linux-based DNS server. The zone transfer failed until I also granted the UDP ports below 49152.
Why does the Microsoft DNS server answer with UDP ports below 49152? And is there a way to force it to use the standard or fixed ports?
Thank you
All replies (4)
Friday, December 18, 2015 10:17 PM ✅ Answered
It was a firewall issue where the session was terminated due to a wrong configuration. Problem solved.
Wednesday, December 16, 2015 7:42 PM
A DNS server listens for requests on port 53 (both UDP and TCP).
So all DNS requests are sent to port 53, usually from an application port (>1023).
Well Known Ports: 0 through 1023.
Registered Ports: 1024 through 49151.
Dynamic/Private : 49152 through 65535.
TCP/IP port numbers are often categorized as either "server ports" (1 to 1023), or "application ports" (>1023).
Most server programs listen for requests on a "server port", and client programs (applications) communicate with the server from a random "application port".
Unfortunately you can't restrict which port an application sends from, unless the application itself has a configuration option to send requests from a specific port.
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer". Mai Ali | My blog: Technical | Twitter: Mai Ali
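As an added illustration (not code from the thread or from either poster), the following Python script applies the port ranges listed above to firewall log lines of the kind described in the question. Beyond classifying ports, it works out which endpoint of a DNS flow chose the non-53 port: a DNS reply is sent back to whatever source port the querier used, so in a line like `src :53 -> dst :13524` the high destination port was picked by the peer, and only ports the Windows host itself picks (its source port on queries it originates) say anything about that host's dynamic port range. The log format, IP addresses and sample lines are constructed for this example; a real firewall's format would need its own regex.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

DNS_PORT = 53

# IANA port ranges as quoted in the thread.
WELL_KNOWN = range(0, 1024)
REGISTERED = range(1024, 49152)
DYNAMIC = range(49152, 65536)

# Default Windows Server 2008+ dynamic client port range (KB 929851, linked in the thread).
WINDOWS_DEFAULT_EPHEMERAL = DYNAMIC

# Constructed sample firewall log lines ("PROTO src:port -> dst:port").
# 192.0.2.10 stands in for the Windows DNS server, 198.51.100.7 for the Linux secondary.
SAMPLE_LOG = """\
UDP 192.0.2.10:53 -> 198.51.100.7:13524
UDP 198.51.100.7:13524 -> 192.0.2.10:53
UDP 192.0.2.10:51233 -> 198.51.100.7:53
TCP 198.51.100.7:40112 -> 192.0.2.10:53
UDP 192.0.2.10:53 -> 198.51.100.7:60000
"""

LOG_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)$"
)


def classify_port(port: int) -> str:
    """Map a port number onto the IANA range names used in the thread."""
    if port in WELL_KNOWN:
        return "well-known"
    if port in REGISTERED:
        return "registered"
    if port in DYNAMIC:
        return "dynamic"
    raise ValueError(f"port out of range: {port}")


@dataclass
class DnsFlow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    # Host that picked the non-53 (ephemeral) port; None if neither side is :53.
    ephemeral_owner: Optional[str]
    ephemeral_port: Optional[int]
    ephemeral_class: Optional[str]
    # "query" = packet toward :53, "response" = packet from :53, "other" otherwise.
    direction: str


def parse_flow(line: str) -> Optional[DnsFlow]:
    """Parse one log line and decide which endpoint owns the ephemeral port.

    A reply leaves :53 toward the querier's source port, so for a packet
    from :53 the high destination port was chosen by the *peer*.
    """
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    sport, dport = int(m["sport"]), int(m["dport"])
    src, dst, proto = m["src"], m["dst"], m["proto"]
    if dport == DNS_PORT and sport != DNS_PORT:
        owner, eph, direction = src, sport, "query"
    elif sport == DNS_PORT and dport != DNS_PORT:
        owner, eph, direction = dst, dport, "response"
    else:
        owner, eph, direction = None, None, "other"
    eph_class = classify_port(eph) if eph is not None else None
    return DnsFlow(proto, src, sport, dst, dport, owner, eph, eph_class, direction)


def ports_chosen_by(log_text: str, host: str) -> List[int]:
    """Ephemeral ports that HOST itself selected, across every parsable line."""
    flows = (parse_flow(l) for l in log_text.splitlines() if l.strip())
    return [f.ephemeral_port for f in flows if f and f.ephemeral_owner == host]


def off_default_range(log_text: str, host: str) -> List[int]:
    """Ports HOST picked that lie outside Windows' default 49152-65535.

    Only these would point to a non-default dynamic port range on HOST;
    high ports owned by the peer say nothing about HOST's configuration.
    """
    return [p for p in ports_chosen_by(log_text, host)
            if p not in WINDOWS_DEFAULT_EPHEMERAL]


if __name__ == "__main__":
    windows_dns = "192.0.2.10"
    for line in SAMPLE_LOG.splitlines():
        f = parse_flow(line)
        print(f"{line:42} {f.direction:8} port {f.ephemeral_port} "
              f"({f.ephemeral_class}) chosen by {f.ephemeral_owner}")
    print("Windows-chosen ports outside 49152-65535:",
          off_default_range(SAMPLE_LOG, windows_dns))
```

Run against the constructed log, the Windows host is credited only with port 51233 (the one query it originated), while 13524 and 60000 are the Linux side's choices; the empty result from `off_default_range` is what a correctly configured Windows host looks like even when the firewall shows plenty of sub-49152 ports in its DNS traffic.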
Thursday, December 17, 2015 9:26 AM
Hi WiVM,
>>Why does the Microsoft DNS server answers with UDP ports below 49152?
Windows Server 2008 and Windows Server 2008 R2 have increased the dynamic client port range for outgoing connections. The new default start port is 49152, and the default end port is 65535.
This change was made to comply with Internet Assigned Numbers Authority (IANA) recommendations.
For more related information, please refer to the links below:
https://support.microsoft.com/en-us/kb/929851
https://support.microsoft.com/en-us/kb/832017
>>And is there a way to force it to use the standard or fixed ports?
So, you couldn't force it to use the standard or fixed ports.
For more information about IANA port-assignment standards, go to the following IANA website:
http://www.iana.org/assignments/port-numbers
Best regards,
Andy_Pan
Thursday, December 17, 2015 10:47 AM
In my case it is a port LOWER than 49152. This is actually my problem. It is a standard DNS 2012 R2 installation on a new server, fully patched. Nothing special.
It is just a zone transfer to a Linux server over the internet. The Windows DNS server x.x.x.x is the primary DNS server. On the firewall I see the source port x.x.x.x:53 but the destination is for example y.y.y.y:13524 (UDP), where y.y.y.y is the IP of the Linux DNS server getting the update for the zone transfer. I would expect something above 49152.