Join Mike Danseglio for an in-depth discussion in this video, DNS socket pools, part of Windows Server 2012 Active Directory: Network Services.
- If we just consider for a second the way a computer works, and the way we communicate from one machine to another machine always using the same port. Or let's envision if we were driving home and we were in an area where we had to worry about terrorism or something like that, and we have to worry about driving back and forth to work every day. Right, one of the things I was taught in the military is when you live overseas, you never take the same route to work every day, you never take the same route home every day, you never go to the same coffee shop at the exact same time every day.
Because it allows people that are observing you to be able to then hack your environment. The same thing happens with our infrastructure. If we're utilizing DNS, and every single time we did a query on DNS, whether it be a recursive query or an iterative query, if every single time we did that query from the same port as a source port, eventually a hacker could capture enough packets that they would be able to then hack our DNS infrastructure. Whether it be corrupting our cache, or corrupting our database, or just injecting bad things into our DNS environment.
One of the things DNS Socket Pooling, or DNS Socket Pools, allows our DNS server to do is this: every single time we do a DNS query, our source port coming back from the DNS server we're querying, whether it be an iterative query or a recursive query, is going to be a different port number. So this makes it extremely tough for those DNS hackers out there that want to infiltrate our environment or want to poison our environment to be able to inject those things into our environment.
DNS pooling is enabled by default on a Server 2008 R2 or later box. So it's going to prevent our DNS cache, or even our DNS database, from getting corrupted. The operating systems that are required for DNS pooling to be enabled are Server 2008 R2 or Server 2012. And again, it's enabled by default. And what this allows us to do is, randomly, every time the DNS server makes a query, it's going to use a random port number.
And it can pick from 2500 different port numbers out there that can be used for that source port. And it's not going to use a well-known port. So it's going to use one of the not-well-known ports for doing the query. If I decided I wanted to change the value and I wanted to make it even more secure, I could use `dnscmd /config /SocketPoolSize` and I can change that value anywhere from zero to 10,000.
So now I can randomly generate from zero to 10,000 numbers every single time I use a query going out to the outside world. That would make it a lot more secure than setting it to 100 or setting it to 200. So again, this feature called DNS Socket Pooling allows our DNS server, every time we make an iterative query or every time it makes a recursive query, to go out and make the source port that it's coming from a different port number, to make our DNS server more secure and to prevent, whether it be DNS cache poisoning, or something coming in on a port and corrupting our DNS server database.
It overall provides a better, more secure environment for DNS.
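The check a practitioner would run after watching this is whether the socket pool size on a given DNS server is still at the 2500 default or has been raised toward the 10,000 maximum the video mentions. The script below is an added example, not part of the course; it assumes the DnsServer PowerShell module (installed with the DNS Server role or RSAT) and local administrator rights on the server, and it uses the same dnscmd command the video shows to change the value. The `$MinimumPoolSize` and `$DesiredPoolSize` parameters are this example's own names.

```powershell
# Audit (and optionally raise) the DNS socket pool size on a Windows DNS server.
# Added example; assumes the DnsServer module and admin rights on the target.
param(
    [string]$ComputerName    = $env:COMPUTERNAME,
    [int]   $MinimumPoolSize = 2500,    # built-in default described in the video
    [int]   $DesiredPoolSize = 10000,   # upper bound accepted by /SocketPoolSize
    [switch]$Remediate                  # without this switch the script only reports
)

# Get-DnsServerSetting -All exposes SocketPoolSize and the excluded port ranges.
$settings = Get-DnsServerSetting -ComputerName $ComputerName -All
$current  = [int]$settings.SocketPoolSize

# Entropy a forged reply must match: 16-bit transaction ID times the pool size.
# A pool of 1 (fixed source port) leaves only the transaction ID to guess.
$effectivePool = [Math]::Max($current, 1)
$entropyBits   = [Math]::Log(65536 * $effectivePool, 2)

[pscustomobject]@{
    Server             = $ComputerName
    SocketPoolSize     = $current
    ExcludedPortRanges = ($settings.SocketPoolExcludedPortRanges -join ', ')
    GuessSpaceBits     = [Math]::Round($entropyBits, 1)
    MeetsMinimum       = ($current -ge $MinimumPoolSize)
} | Format-List

if ($current -lt $MinimumPoolSize) {
    Write-Warning "Socket pool size $current is below the expected minimum of $MinimumPoolSize."
}

if ($Remediate -and $current -lt $DesiredPoolSize) {
    # Same command the video uses; the DNS service must be restarted for it to apply.
    & dnscmd.exe $ComputerName /Config /SocketPoolSize $DesiredPoolSize
    if ($LASTEXITCODE -eq 0) {
        Write-Output "SocketPoolSize set to $DesiredPoolSize; restart the DNS service to apply."
    } else {
        Write-Error "dnscmd returned exit code $LASTEXITCODE; setting was not changed."
    }
}
```

Run it without `-Remediate` first to see the current value and the excluded port ranges; a pool size of 0 or 1 means the server is effectively answering from a fixed source port and deserves immediate attention.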