Closed Alcazer closed 9 months ago
Thanks for the post. Yes, it's normal. This is a security feature added for Windows deployments to randomize the UDP port number for outbound requests. This has no effect on performance so any performance issue you see is just correlation and mostly is due to loss of cache. Once you have the server running for a while, the performance will improve as the cache fills up.
I've been following it intermittently for about 3-4 hours. There are around 2500 active UDP connections so I wanted to ask if there is anything abnormal.
Thanks for the quick reply
> I've been following it intermittently for about 3-4 hours. There are around 2500 active UDP connections so I wanted to ask if there is anything abnormal.
Yes, 2500 is the socket pool size.
> Thanks for the quick reply
You're welcome.
> Yes, 2500 is the socket pool size.
Isn't 2500 too much? Wouldn't it be better if it could be changed from settings?
> Isn't 2500 too much? Wouldn't it be better if it could be changed from settings?
No, it's adequate to be random enough. Any less would affect the security it's supposed to provide. It can be increased to get more randomization but this value is good enough.
If a setting was provided then many people would just set it to an extremely low value after seeing the output of the netstat command and that would undermine the entire purpose of having this security feature.
On Windows, the socket port is incremented sequentially and not randomized like on Linux. Thus an attacker can predict which UDP port will most likely be used for the next query to try DNS spoofing attacks.
This is how it's implemented in Microsoft DNS server too.
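A small model of the reasoning in the reply above, added here as an illustration (it is not code from the DNS server or from anyone in this thread): it compares how often the guess "previous port + 1" is right under sequential allocation versus a random pick from a pool of 2500 pre-bound ports, and how many bits an off-path spoofer must guess. The port range, the function names, and the worst-case assumption that the observer already knows which ports are in the pool are assumptions of this example.

```python
import math
import secrets

PORT_LO, PORT_HI = 1024, 65535   # assumed usable source-port range
TXID_BITS = 16                   # the DNS transaction ID is a 16-bit field
RNG = secrets.SystemRandom()

def sequential_ports(start, count):
    """Model of a stack that hands out source ports in increasing order."""
    span = PORT_HI - PORT_LO + 1
    return [PORT_LO + (start - PORT_LO + i) % span for i in range(count)]

def pooled_ports(pool_size, count):
    """Model of a socket pool: bind pool_size random ports once, then
    send each query from a randomly chosen member of the pool."""
    pool = RNG.sample(range(PORT_LO, PORT_HI + 1), pool_size)
    return [RNG.choice(pool) for _ in range(count)]

def next_port_hit_rate(ports):
    """How often the guess 'previous port + 1' matches the next query."""
    pairs = list(zip(ports, ports[1:]))
    return sum(cur == prev + 1 for prev, cur in pairs) / len(pairs)

def guess_space_bits(candidate_ports):
    """Bits an off-path spoofer must guess: source port plus transaction ID.
    candidate_ports is the number of ports the next query could come from."""
    return math.log2(candidate_ports) + TXID_BITS

def compare(pool_size=2500, queries=20000):
    """Summarise both models for the same number of outbound queries."""
    seq = sequential_ports(PORT_LO, queries)
    pooled = pooled_ports(pool_size, queries)
    return {
        "sequential_hit_rate": next_port_hit_rate(seq),
        "pooled_hit_rate": next_port_hit_rate(pooled),
        "distinct_pooled_ports": len(set(pooled)),
        "bits_predictable_port": guess_space_bits(1),
        "bits_known_pool": guess_space_bits(pool_size),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

The number of distinct pooled ports never exceeds the pool size, which is why a netstat listing for the process levels off at about that many UDP sockets.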
Hello @ShreyasZare,
I was using version 9.1 before updating to version 11.4.1. I didn't encounter this problem before the update. It's slowed down after the update. As if there is something wrong, is the following normal?
tasklist | findstr /c:"DnsService.exe"
netstat -a -o -n | findstr /c:"26248"
and more ...