I wish to implement IP filtering on all my client PCs but I'm having problems with my Win2k3 DNS server as the client-side port range is massive. To quote MS:
"By default, Windows Server 2003 and Windows 2000 Server DNS servers use ephemeral client-side ports when they query other DNS servers...."
Is there any proper way to reduce the port range on the DNS server to a manageable number? Is there a way it can be reduced to a single port? Is there a performance issue with implementing this?
Also, under what conditions do a DNS client and server choose to use UDP over TCP? Is there any way of choosing just one protocol? Which one is better?