TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

DnsService.exe uses almost all udp ports #782

Closed ziasistani closed 4 months ago

ziasistani commented 7 months ago

Issue:

DnsService.exe uses almost all UDP ports from 1036 to 65517. Is it normal operation?

Test Spec:

OS: Microsoft Windows [Version 10.0.19045.3570]

Version: Technitium Server Version 11.5.3

Symptoms:

I used netstat -naO

the result is as below:

```
[DnsService.exe] UDP 0.0.0.0:1036 *:*
[DnsService.exe] UDP 0.0.0.0:1102 *:*
[DnsService.exe] UDP 0.0.0.0:1124 *:*
[DnsService.exe] UDP 0.0.0.0:1134 *:*
[DnsService.exe] UDP 0.0.0.0:1145 *:*
[DnsService.exe] UDP 0.0.0.0:1161 *:*
[DnsService.exe] UDP 0.0.0.0:1168 *:*
[DnsService.exe] UDP 0.0.0.0:1184 *:*
[DnsService.exe] UDP 0.0.0.0:1216 *:*
[DnsService.exe] UDP 0.0.0.0:1232 *:*
[DnsService.exe] UDP 0.0.0.0:1233 *:*
[DnsService.exe] UDP 0.0.0.0:1238 *:*
[DnsService.exe] UDP 0.0.0.0:1301 *:*
[DnsService.exe] UDP 0.0.0.0:1318 *:*
[DnsService.exe] UDP 0.0.0.0:1349 *:*
[DnsService.exe] UDP 0.0.0.0:1381 *:*
[DnsService.exe] UDP 0.0.0.0:1384 *:*
[DnsService.exe] UDP 0.0.0.0:1420 *:*
[DnsService.exe] UDP 0.0.0.0:1422 *:*
[DnsService.exe] UDP 0.0.0.0:1436 *:*
[DnsService.exe] UDP 0.0.0.0:1468 *:*
[DnsService.exe] UDP 0.0.0.0:1509 *:*
[DnsService.exe] UDP 0.0.0.0:1561 *:*
[DnsService.exe] UDP 0.0.0.0:1629 *:*
[DnsService.exe] UDP 0.0.0.0:1647 *:*
[DnsService.exe] UDP 0.0.0.0:1650 *:*
[DnsService.exe] UDP 0.0.0.0:1660 *:*
[DnsService.exe] UDP 0.0.0.0:1687 *:*
[DnsService.exe] UDP 0.0.0.0:1719 *:*
[DnsService.exe] UDP 0.0.0.0:1745 *:*
[DnsService.exe] UDP 0.0.0.0:1777 *:*
[DnsService.exe] UDP 0.0.0.0:1798 *:*
[DnsService.exe] UDP 0.0.0.0:1801 *:*
[DnsService.exe] UDP 0.0.0.0:1804 *:*
[DnsService.exe] UDP 0.0.0.0:1816 *:*
[DnsService.exe] UDP 0.0.0.0:1831 *:*
[DnsService.exe] UDP 0.0.0.0:1857 *:*
[DnsService.exe] UDP 0.0.0.0:1859 *:*
[DnsService.exe] UDP 0.0.0.0:1881 *:*
[DnsService.exe] UDP 0.0.0.0:1902 *:*
[DnsService.exe] UDP 0.0.0.0:1959 *:*
[DnsService.exe] UDP 0.0.0.0:1975 *:*
[DnsService.exe] UDP 0.0.0.0:1978 *:*
[DnsService.exe] UDP 0.0.0.0:1984 *:*
[DnsService.exe] UDP 0.0.0.0:2019 *:*
[DnsService.exe] UDP 0.0.0.0:2038 *:*
[DnsService.exe] UDP 0.0.0.0:2068 *:*
[DnsService.exe] UDP 0.0.0.0:2128 *:*
[DnsService.exe] UDP 0.0.0.0:2149 *:*
[DnsService.exe] UDP 0.0.0.0:2165 *:*
[DnsService.exe] UDP 0.0.0.0:2214 *:*
[DnsService.exe] UDP 0.0.0.0:2253 *:*
[DnsService.exe] UDP 0.0.0.0:2254 *:*
[DnsService.exe] UDP 0.0.0.0:2304 *:*
[DnsService.exe] UDP 0.0.0.0:2344 *:*
[DnsService.exe] UDP 0.0.0.0:2412 *:*
...
[DnsService.exe] UDP 0.0.0.0:65066 *:*
[DnsService.exe] UDP 0.0.0.0:65082 *:*
[spoolsv.exe] UDP 0.0.0.0:65106 *:*
[DnsService.exe] UDP 0.0.0.0:65110 *:*
[DnsService.exe] UDP 0.0.0.0:65113 *:*
[DnsService.exe] UDP 0.0.0.0:65131 *:*
[DnsService.exe] UDP 0.0.0.0:65144 *:*
[DnsService.exe] UDP 0.0.0.0:65148 *:*
[DnsService.exe] UDP 0.0.0.0:65194 *:*
[DnsService.exe] UDP 0.0.0.0:65228 *:*
[DnsService.exe] UDP 0.0.0.0:65244 *:*
[DnsService.exe] UDP 0.0.0.0:65246 *:*
[DnsService.exe] UDP 0.0.0.0:65277 *:*
[DnsService.exe] UDP 0.0.0.0:65312 *:*
[DnsService.exe] UDP 0.0.0.0:65321 *:*
[DnsService.exe] UDP 0.0.0.0:65415 *:*
[DnsService.exe] UDP 0.0.0.0:65492 *:*
[DnsService.exe] UDP 0.0.0.0:65509 *:*
[DnsService.exe] UDP 0.0.0.0:65511 *:*
[DnsService.exe] UDP 0.0.0.0:65517 *:*
```

Hemsby commented 7 months ago

This is by design on Windows. So it is normal operation.

ShreyasZare commented 7 months ago

It's normal on Windows. The DNS server opens 2500 random UDP ports between 1024 and 65535, which are then pooled and used for making outbound DNS requests. This is a security feature to randomize the outbound UDP port, making it hard to spoof a valid response by an attacker.
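
An added example, not part of the thread or of Technitium's code: a Python check that parses netstat output in the layout quoted in the issue and compares one process's UDP ports with the pool described above (2500 ports between 1024 and 65535). The sample lines are constructed; the function names and the choice to treat UDP 53 as the service listener rather than a pool port are assumptions.

```python
import math
import re

# Constructed sample in the layout of the netstat output quoted in the issue.
SAMPLE = """\
[DnsService.exe] UDP 0.0.0.0:1036 *:*
[DnsService.exe] UDP 0.0.0.0:1102 *:*
[spoolsv.exe] UDP 0.0.0.0:65106 *:*
[DnsService.exe] UDP 0.0.0.0:65517 *:*
[DnsService.exe] UDP 0.0.0.0:53 *:*
"""

# One entry: owning process, protocol, local address:port, and the "*:*"
# remote column that marks an unconnected UDP socket.
ENTRY = re.compile(
    r"\[(?P<proc>[^\]]+)\]\s+UDP\s+(?P<addr>\S+):(?P<port>\d+)\s+\*:\*"
)

def udp_ports_by_process(text):
    """Map process name -> sorted list of bound UDP ports.

    finditer() is used so the parser also copes with output that has
    been run together onto a single line.
    """
    ports = {}
    for m in ENTRY.finditer(text):
        ports.setdefault(m["proc"], set()).add(int(m["port"]))
    return {proc: sorted(found) for proc, found in ports.items()}

def audit_pool(ports, pool_size=2500, low=1024, high=65535, service_ports=(53,)):
    """Compare one process's UDP ports with the pool described in the thread."""
    # Assumption: UDP 53 is the DNS listener, not part of the outbound pool.
    pool = [p for p in ports if p not in service_ports]
    return {
        "pool_ports": len(pool),
        "outside_range": [p for p in pool if not low <= p <= high],
        "oversized": len(pool) > pool_size,
        # A blind spoofer has to match the source port as well as the
        # 16-bit DNS transaction ID: 16 + log2(pool_size) bits in total.
        "guess_bits": round(16 + math.log2(pool_size), 1),
    }

if __name__ == "__main__":
    for proc, ports in udp_ports_by_process(SAMPLE).items():
        print(proc, audit_pool(ports))
```

A pool count far above 2500, or pool ports below 1024, would not match the behaviour described in the thread and is worth a closer look.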