athelu asked:
change/set Windows Server 2003 DNS Query Ports

My primary DNS is handled by my firewall cluster. They handle DNS for everything, except for my AD integrated zones. My AD Domain Controllers forward requests and perform queries on these firewalls for anything in DNS that they do not know.

It appears that each one of these domain controllers has settled upon a port that it will use for these queries. Port 1051 for one server, and port 1065 for the other. My problem is that the way my firewall cluster is configured, one handles the even ports, and the other handles the odd ports. I would like to see my Domain controllers talking to two different nodes of the cluster if possible for some additional redundancy.

So - how do I change the port that DNS queries are made on?
NJComputerNetworks replied:

hmm... it is my understanding that DNS uses:

Perform a DNS Lookup
To perform a DNS lookup across a firewall ports 53/tcp and 53/udp must be open. DNS is used for name resolution and supports other services such as the domain controller locator.


Port 1051 is a registered port for OptimaVNET
Port 1065 is a registered port for Syscomlan

Ports:  http://www.iana.org/assignments/port-numbers

If you have a setup like this:

IP of DNS server 1 = 10.10.10.11
IP of DNS server 2 = 10.10.10.12
IP of DNS Cluster or Virtual IP = 10.10.10.13

You can set up your DNS Forwarding like this...

Open the DNS console.  right click your server name, and choose properties from the drop down box.  Click the FORWARDER tab...and enter the following IP address:

For DNS server 1:
10.10.10.11
10.10.10.12
10.10.10.13


For DNS server 2:
10.10.10.12
10.10.10.11
10.10.10.13

"Port 1051 for one server, and port 1065 for the other"

You are talking simply about the host port that is being used to communicate to port 53 on the DNS server on your firewalls.  They (1051, 1065) are dynamic and will change often, that's just the way TCP/IP works.

Your server is going to make the request, so it sends a request to DNSFirewall:53 and it replies back and says ok, let's talk, so it negotiates an upper open port on your server (in this case 1051) for the communications...

Can't get around this...

Really? I thought dynamic ports were higher in range?

The port numbers are divided into three ranges: the Well Known Ports,
the Registered Ports, and the Dynamic and/or Private Ports.

The Well Known Ports are those from 0 through 1023.

The Registered Ports are those from 1024 through 49151

The Dynamic and/or Private Ports are those from 49152 through 65535

I'm talking about local ports for establishing a connection outbound.

For instance, go to cmd line and do a netstat -a -n right now.

You'll see lots of "established" connections probably to websites, etc.  The local IP will have ports assigned as well, because that's the port on the local PC/server that is establishing the connection for you.  Otherwise with only 1 port on your local machine you'd be limited to a single connection to something.

LOL, I kept racking my brain to remember what the heck they are called...ephemeral ports

See this walkthrough:

http://www.tcpipguide.com/free/t_TCPIPClientEphemeralPortsandClientServerApplicatio.htm

or just google ephemeral ports
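To make the netstat walkthrough above concrete, here is an added example (not from the thread or from any poster) that parses `netstat -a -n` style output, keeps only sockets whose foreign port is 53, classifies each local port using the IANA ranges quoted earlier in the thread, and reports which of the asker's even/odd firewall nodes would see that port. The sample output, the 192.168.1.x server addresses and the function names are constructed for this example. It also lists local ports reused across several queries, since a resolver that keeps the same source port for a long time, as the asker observed, is easier to predict than one that varies it.

```python
import re
from collections import Counter

# Constructed sample in `netstat -a -n` layout (not captured from the poster's
# servers). DNS forwarders sit at 10.10.10.11/.12, VIP at 10.10.10.13.
# Note: on Windows, UDP sockets are listed with `*:*` as the foreign address,
# so per-peer UDP detail has to come from a firewall log or packet capture;
# the TCP rows here carry the foreign endpoint the way netstat shows it.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1051      10.10.10.11:53         ESTABLISHED
  TCP    192.168.1.10:1051      10.10.10.12:53         TIME_WAIT
  TCP    192.168.1.10:3389      192.168.1.55:1299      ESTABLISHED
  TCP    192.168.1.11:1065      10.10.10.11:53         ESTABLISHED
  TCP    192.168.1.10:50123     10.10.10.13:53         TIME_WAIT
  UDP    192.168.1.10:1052      *:*
"""

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+)")

def port_class(port):
    """Classify a port using the IANA ranges quoted in the thread."""
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"

def cluster_node(port):
    """Asker's firewall cluster: one node handles even ports, the other odd."""
    return "even-node" if port % 2 == 0 else "odd-node"

def dns_query_sources(netstat_text):
    """Return (local_ip, local_port, remote_ip, class, node) for every socket
    whose foreign port is 53, i.e. a DNS query the server has in flight."""
    rows = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m or int(m.group(5)) != 53:
            continue
        lip, lport, rip = m.group(2), int(m.group(3)), m.group(4)
        rows.append((lip, lport, rip, port_class(lport), cluster_node(lport)))
    return rows

def sticky_source_ports(rows, min_hits=2):
    """(local_ip, local_port) pairs reused for several DNS queries."""
    counts = Counter((lip, lport) for lip, lport, *_ in rows)
    return sorted(k for k, n in counts.items() if n >= min_hits)

if __name__ == "__main__":
    found = dns_query_sources(SAMPLE_NETSTAT)
    for row in found:
        print(row)
    print("reused source ports:", sticky_source_ports(found))
```

Pipe real output in with `netstat -a -n` redirected to a file and read that file instead of `SAMPLE_NETSTAT`.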
Hey thanks for the information. ...


It looks like, in this case, you really can't control the ephemeral port number for DNS queries.  These are dynamic and may (probably will) change over time.

Wow, I was just browsing through and found this. Thanks for the link TheCleaner =) good TCP/IP info
LOL, not a problem...

I knew even though I hate Cisco going through their CCNA program would pay off :)
athelu (asker) replied:

Yes - this is the host port I am talking about. It is just odd that it had held onto these particular ports for so long. Maybe it uses the same ones until a restart or something? I thought it was supposed to pick a new one with each call, but I guess I am wrong.
ASKER CERTIFIED SOLUTION
TheCleaner