<div>
<div class="content wysiwyg-content">
Hi,<br />
<br />
I wish to implement ip filtering on all my client PCs but I'm having problems with my Win2k3 dns server as the client-side port range is massive. To quote MS:<br />
<br />
&quot;By default, Windows Server 2003 and Windows 2000 Server DNS servers use ephemeral client-side ports when they query other DNS servers....&quot;<br />
<br />
Is there any proper way to reduce the port range on the dns server to a manageable number? Is there a way it can be reduced to a single port? Is there a performance issue with implementing this?<br />
<br />
Also, under what conditions does a dns client and server choose to use udp over tcp? Is there any way of choosing just one protocol? Which one is better?<br />
<br />
Thanks
</div>
</div>


Hi,

I wish to implement ip filtering on all my client PCs but I'm having problems with my Win2k3 dns server as the client-side port range is massive. To quote MS:

"By default, Windows Server 2003 and Windows 2000 Server DNS servers use ephemeral client-side ports when they query other DNS servers...."

Is there any proper way to reduce the port range on the dns server to a manageable number? Is there a way it can be reduced to a single port? Is there a performance issue with implementing this?

Also, under what conditions does a dns client and server choose to use udp over tcp? Is there any way of choosing just one protocol? Which one is better?

Thanks

DNS Client port range

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.