change/set Windows Server 2003 DNS Query Ports

My Primary DNS is handled by my firewall cluster. They handle DNS for everything, except for my AD integrated zones. My AD Domain Controllers forward requests and perform queries on these firewalls for anything in DNS that they do not know.

It appears that each one of these domain controllers has settled upon a port that it will use for these queries. Port 1051 for one server, and port 1065 for the other. My problem is that the way my firewall cluster is configured, one handles the even ports, and the other handles the odd ports. I would like to see my Domain controllers talking to two different nodes of the cluster if possible for some additional redundancy.

So - how do I change the port that DNS queries are made on?
athelu Asked:

NJComputerNetworks Commented:
hmm... it is my understanding that DNS uses:

Perform a DNS Lookup
To perform a DNS lookup across a firewall ports 53/tcp and 53/udp must be open. DNS is used for name resolution and supports other services such as the domain controller locator.


Port 1051 is a registered port for OptimaVNET
Port 1065 is a registered port for Syscomlan

Ports:  http://www.iana.org/assignments/port-numbers

0
NJComputerNetworks Commented:
If you have a setup like this:

IP of DNS server 1 = 10.10.10.11
IP of DNS server 2 = 10.10.10.12
IP of DNS Cluster or Virtual IP = 10.10.10.13

You can set up your DNS Forwarding like this...

Open the DNS console. Right-click your server name, and choose Properties from the drop-down box. Click the FORWARDER tab and enter the following IP addresses:

For DNS server 1:
10.10.10.11
10.10.10.12
10.10.10.13


For DNS server 2:
10.10.10.12
10.10.10.11
10.10.10.13
0
TheCleaner Commented:
"Port 1051 for one server, and port 1065 for the other"

You are talking simply about the host port that is being used to communicate to port 53 on the DNS server on your firewalls.  They (1051, 1065) are dynamic and will change often, that's just the way TCP/IP works.

Your server is going to make the request so it sends a request to DNSFirewall:53 and it replies back and says ok let's talk, so it negotiates an upper open port on your server (in this case 1051) for the communications...

Can't get around this...
0
NJComputerNetworks Commented:
Really? I thought dynamic ports were higher in range?

The port numbers are divided into three ranges: the Well Known Ports,
the Registered Ports, and the Dynamic and/or Private Ports.

The Well Known Ports are those from 0 through 1023.

The Registered Ports are those from 1024 through 49151

The Dynamic and/or Private Ports are those from 49152 through 65535
0
TheCleaner Commented:
I'm talking about local ports for establishing a connection outbound.

For instance, go to cmd line and do a netstat -a -n right now.

You'll see lots of "established" connections probably to websites, etc.  The local IP will have ports assigned as well, because that's the port on the local PC/server that is establishing the connection for you.  Otherwise with only 1 port on your local machine you'd be limited to a single connection to something.

0
TheCleaner Commented:
LOL, I kept racking my brain to remember what the heck they are called...ephemeral ports

See this walkthrough:

http://www.tcpipguide.com/free/t_TCPIPClientEphemeralPortsandClientServerApplicatio.htm

or just google ephemeral ports
0
NJComputerNetworks Commented:
Hey thanks for the information. ...


It looks like, in this case, you really can't control the ephemeral port number for DNS queries.  These are dynamic and may (probably will) change over time.
0
Mazaraat Commented:
wow, I was just browsing through and found this.  Thanks for the link THEcleaner =) good tcpip info
0
TheCleaner Commented:
LOL, not a problem...

I knew even though I hate Cisco going through their CCNA program would pay off :)
0
athelu (Author) Commented:
Yes - this is the host port I am talking about. It is just odd that it had held onto these particular ports for so long. Maybe it uses the same ones until a restart or something? I thought it was supposed to pick a new one with each call, but I guess I am wrong.
0
TheCleaner Commented:
I'm not positive on that aspect.  I believe it picks the next available port/socket and then uses that until it no longer has the connection.  It's probably using the same one over and over because that is always the next one free/available.
0
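The source-port behaviour discussed in this thread, as an added example that is not part of any participant's post: a UDP socket that stays open keeps one source port for every query, while sockets opened side by side each get their own ephemeral port from the OS. The loopback listener stands in for the firewall's DNS service, the payloads are placeholders rather than real DNS messages, and all function names are illustrative.

```python
import socket

def start_listener():
    """Loopback UDP socket standing in for the firewall DNS service (assumption: OS-chosen port, not 53)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(2.0)
    return srv

def ports_long_lived_socket(srv, queries):
    """One client socket reused for every query: the listener sees the same source port each time."""
    seen = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as cli:
        for i in range(queries):
            cli.sendto(b"query-%d" % i, srv.getsockname())
            _, (_, src_port) = srv.recvfrom(512)
            seen.append(src_port)
    return seen

def ports_socket_per_query(srv, queries):
    """A new socket per query, all held open together: the OS must assign distinct ephemeral ports."""
    clients, seen = [], []
    try:
        for i in range(queries):
            cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            clients.append(cli)
            cli.sendto(b"query-%d" % i, srv.getsockname())
            _, (_, src_port) = srv.recvfrom(512)
            seen.append(src_port)
    finally:
        for cli in clients:
            cli.close()
    return seen

def parity_split(ports):
    """Count source ports by parity, the property the asker's firewall cluster splits on."""
    return {"even": sum(p % 2 == 0 for p in ports), "odd": sum(p % 2 for p in ports)}

def demo(queries=5):
    srv = start_listener()
    try:
        return ports_long_lived_socket(srv, queries), ports_socket_per_query(srv, queries)
    finally:
        srv.close()

if __name__ == "__main__":
    reused, fresh = demo()
    print("long-lived socket :", reused, parity_split(reused))
    print("socket per query  :", fresh, parity_split(fresh))
    print("ports from thread :", parity_split([1051, 1065]))
```

Both ports quoted in the question (1051 and 1065) are odd, so under the even/odd split the asker describes they fall on the same side.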

Windows Server 2003
Question has a verified solution.