
DNS Socket Pool

Published: October 21, 2009

The socket pool enables a DNS server to use source port randomization when issuing DNS queries. This provides enhanced security against cache poisoning attacks. The socket pool is enabled with default settings on computers that have installed Security Update MS08-037 (http://go.microsoft.com/fwlink/?LinkID=148634). You can also customize socket pool settings.

A DNS server running Windows Server® 2008 R2, or that has installed security update MS08-037, will use source port randomization to protect against DNS cache poisoning attacks. With source port randomization, the DNS server will randomly pick a source port from a pool of available sockets that it opens when the service starts.

Instead of using a predictable source port when issuing queries, the DNS server uses a random port number selected from this pool, known as the socket pool. The socket pool makes cache poisoning attacks more difficult because an attacker must correctly guess the source port of a DNS query in addition to the random transaction ID to successfully execute the attack.

This feature will be of interest to IT professionals who manage Active Directory® Domain Services (AD DS) and DNS, as well as to security administrators.

The socket pool is automatically enabled with default settings if you have installed Security Update MS08-037 (http://go.microsoft.com/fwlink/?LinkID=148634). The port numbers that are reserved for the socket pool depend on the operating system. For more information about the range of port numbers reserved, see Microsoft Knowledge Base article 956188 (http://go.microsoft.com/fwlink/?LinkID=165771).

The default size of the socket pool is 2500. When you configure the socket pool, you can choose a size value from 0 to 10000. The larger the value, the greater the protection against DNS spoofing attacks, because the attacker has more source ports to guess. If you configure a socket pool size of zero, the DNS server uses a single socket for all remote DNS queries, which removes the source port randomization. If the DNS server is running Windows Server 2008 R2, you can also configure a socket pool exclusion list so that specific ports are never used by the pool.

The following registry keys can be used to configure the Socket Pool. However, the recommended method for configuring Socket Pool settings is with the dnscmd.exe command line tool. For more information about configuring the Socket Pool, see Configure the Socket Pool.

Registry settings

Setting name:     SocketPoolSize
Location:         HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DNS\Parameters
Type:             REG_DWORD
Default value:    2500
Possible values:  0 to 10000

Setting name:     SocketPoolExcludedPortRanges (Windows Server 2008 R2 only)
Location:         HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DNS\Parameters
Type:             REG_MULTI_SZ
Default value:    N/A
Possible values:  1 to 65535, configured as a port range (ex: 4000-5000). To specify a single port, use the same start and end value.

Tip
To apply changes to settings for the Socket Pool, you must restart the DNS service.
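The following PowerShell script is an added example, not part of the original TechNet page and not Microsoft's own tooling. It reads the two registry values documented above, validates a requested size against the 0 to 10000 limit and each exclusion entry against the start-end, 1 to 65535 format, applies the size with dnscmd.exe (the method the page recommends), writes the exclusion list to the REG_MULTI_SZ value the page documents, restarts the DNS service, and finally counts the UDP sockets held by dns.exe so you can confirm the pool is actually open. The size 3000 and the ranges 4000-5000 and 5353-5353 are constructed sample inputs; the socket-count check assumes the server process is named dns.exe and parses netstat output so that it also works on Windows Server 2008 R2.

```powershell
# Added example (not from the original page): inspect, validate, apply and
# verify DNS socket pool settings. Run in an elevated PowerShell session on
# the DNS server itself. Sample values (3000, 4000-5000, 5353-5353) are
# constructed for illustration.

$DnsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'

function Get-DnsSocketPoolSetting {
    # Read the registry values the page documents. A missing SocketPoolSize
    # means the service is running with the documented default of 2500.
    $props = Get-ItemProperty -Path $DnsParams -ErrorAction Stop
    $size = if ($null -ne $props.SocketPoolSize) { $props.SocketPoolSize } else { 2500 }
    New-Object PSObject -Property @{
        SocketPoolSize               = [int]$size
        SocketPoolExcludedPortRanges = @($props.SocketPoolExcludedPortRanges)
    }
}

function Test-DnsPortRange {
    # Validate one exclusion entry in the page's format: "start-end" with
    # 1 <= start <= end <= 65535. A single port is written as "5353-5353".
    param([Parameter(Mandatory = $true)][string]$Range)
    if ($Range -notmatch '^(\d{1,5})-(\d{1,5})$') { return $false }
    $start = [int]$Matches[1]
    $end   = [int]$Matches[2]
    return ($start -ge 1 -and $end -le 65535 -and $start -le $end)
}

function Set-DnsSocketPoolSetting {
    # Apply the size with dnscmd.exe and the exclusion list through the
    # documented REG_MULTI_SZ value (Windows Server 2008 R2 only), then
    # restart the service because the pool is only rebuilt at service start.
    param(
        [ValidateRange(0, 10000)][int]$Size = 2500,
        [string[]]$ExcludedPortRanges = @()
    )
    foreach ($r in $ExcludedPortRanges) {
        if (-not (Test-DnsPortRange -Range $r)) {
            throw "Invalid port range '$r' (expected start-end within 1-65535)"
        }
    }
    if ($Size -eq 0) {
        # Size 0 means one socket for all remote queries: no port randomization.
        Write-Warning 'SocketPoolSize 0 disables source port randomization.'
    }
    & dnscmd.exe /Config /SocketPoolSize $Size | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "dnscmd failed to set SocketPoolSize ($LASTEXITCODE)" }
    if ($ExcludedPortRanges.Count -gt 0) {
        New-ItemProperty -Path $DnsParams -Name 'SocketPoolExcludedPortRanges' `
            -PropertyType MultiString -Value ([string[]]$ExcludedPortRanges) -Force | Out-Null
    }
    Restart-Service -Name DNS -Force
}

function Get-DnsUdpSocketCount {
    # Count UDP endpoints owned by dns.exe by parsing netstat, which exists on
    # every supported Windows version (Get-NetUDPEndpoint does not exist on
    # Windows Server 2008 R2). With the pool active the count is roughly
    # SocketPoolSize plus the listening sockets on port 53.
    $dnsPid = (Get-Process -Name dns -ErrorAction Stop).Id
    $udpLines = netstat -ano | Where-Object { $_ -match '^\s*UDP\s' }
    # The last whitespace-separated column of each netstat line is the PID.
    @($udpLines | Where-Object { ($_.Trim() -split '\s+')[-1] -eq "$dnsPid" }).Count
}

# Usage: show the current state, apply constructed sample settings, verify.
Get-DnsSocketPoolSetting | Format-List
Set-DnsSocketPoolSetting -Size 3000 -ExcludedPortRanges @('4000-5000', '5353-5353')
Start-Sleep -Seconds 5   # give the service time to open its sockets
"UDP sockets held by dns.exe: $(Get-DnsUdpSocketCount)"
```

The socket count is the check worth keeping: if it stays near the number of interfaces rather than near SocketPoolSize after a restart, the pool is not in effect (for example the size was set to 0, or the update that introduced the feature is not installed), and the server is back to a single predictable source port. On servers earlier than Windows Server 2008 R2, pass no exclusion list, since the SocketPoolExcludedPortRanges value is not honoured there.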

This feature is available in all editions.

© 2014 Microsoft. All rights reserved.