
DNS server uses same source port for forwarding


Amol Tipnis
Feb 18, 2004, 7:22:17 AM
The DNS server on Win 2003 uses the same source port while forwarding requests to the forwarder. This is causing packets to drop on the firewall (due to the same src ip/port - dst ip/port pair) because of clashing in the connection table when too many queries are forwarded. Is there any option so that different (random) src ports are used while forwarding DNS queries?

sharad
Feb 18, 2004, 8:18:08 AM
The actual issue could be EDNS0 probes, which are enabled by default on Win 2003 DNS, and most firewalls do not support this. To disable EDNS0 please follow the link below.

828731 - An External DNS Query May Cause an Error Message in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;828731&Product=winsvr2003

Sharad

"Amol Tipnis" <anon...@discussions.microsoft.com> wrote in message
news:1221101c3f619$d9339ec0$a001...@phx.gbl...

Amol Tipnis
Feb 18, 2004, 8:39:26 AM
Thanks, sharad.

But my Checkpoint firewall is showing the log "Connection contains real IP of NATed address". Checkpoint suggests clashing of the connection table, i.e. too many packets being sent across the firewall with the src ip/port and dst ip/port pair matching.

I thought that if it were possible to have the Win2003 server use random src ports while forwarding queries, then it would solve the problem.

I will try turning off EDNS0 probes and check it.

Thanks a lot.
-amol


sharad
Feb 18, 2004, 8:46:39 AM
Well, with EDNS0 probes enabled, the DNS server uses UDP packets larger than 512 bytes, and most firewalls won't support this; this could be the reason for "too many packets". Try disabling EDNS0.

Sharad
"Amol Tipnis" <anon...@discussions.microsoft.com> wrote in message
news:11ab901c3f624$a0198b30$a101...@phx.gbl...
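The two symptoms debated in this thread, every forwarded query leaving from one source port (so the firewall sees identical src/dst ip:port pairs) and EDNS0 OPT records advertising UDP payloads above 512 bytes, can both be checked from captured forwarder traffic. The script below is an added example, not code from the thread or from Microsoft: it builds constructed sample queries, parses the OPT pseudo-RR (type 41, whose CLASS field carries the advertised payload size) and flags source-port reuse. The source port 1053, the forwarder address 192.0.2.53 and the 4096-byte payload are assumed values.

```python
import struct
from collections import Counter

OPT_TYPE = 41  # EDNS0 pseudo-RR type; its CLASS field carries the UDP payload size

def build_query(txid, name, udp_payload=None):
    """Minimal A query; adds an EDNS0 OPT RR when udp_payload is given."""
    qname = b"".join(bytes([len(x)]) + x.encode() for x in name.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if udp_payload else 0)
    msg += qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if udp_payload:
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_payload, 0, 0)
    return msg

def _skip_name(msg, off):
    """Advance past a wire-format name (labels or a compression pointer)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # 2-byte pointer ends the name
            return off + 2
        off += 1 + length

def edns_payload_size(msg):
    """UDP payload size advertised by an OPT RR in the message, or None."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE/QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT_TYPE:
            return rclass
        off += 10 + rdlen
    return None

def analyse(flows):
    """flows: (src_port, dst_ip, dns_bytes) per forwarded query. Flags one
    reused source port and counts OPT RRs advertising more than 512 bytes."""
    ports = Counter(src for src, _, _ in flows)
    return {"distinct_src_ports": len(ports),
            "single_port": len(ports) == 1 and len(flows) > 1,
            "edns_over_512": sum(1 for _, _, m in flows
                                 if (edns_payload_size(m) or 0) > 512)}

# Constructed sample: all queries from port 1053, each with a 4096-byte OPT RR
SAMPLE = [(1053, "192.0.2.53", build_query(i, "example.com", 4096)) for i in range(5)]
```

Feed real (src_port, dst_ip, payload) tuples from a capture into analyse(); a "single_port" result with a non-zero "edns_over_512" count matches the combination this thread describes.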
