"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:. com...
> Hello NVVN,
>
> Check out the answers from OWScott in:
> http://social.technet.microsoft.com/...6-55f2dcbc78f8
>
> Best regards
>
> Meinolf Weber
Hi Meinolf,
I submitted a response to that thread regarding DNS usage. I have a blog on
DNS memory utilization and its cause. The reason is based on the cache
vulnerability update that was released in July 2008 and built into later
SPs and releases. Here's what I posted at that TechNet forum above:
===================
I believe what everyone is seeing with DNS memory is due to the reserved UDP
ports the DNS cache vulnerability update (originally released in July 2008)
is causing. This is by default to protect against DNS cache poisoning.
I put together a blog explaining the update and the consequences of memory
utilization. My blog can be found in the following link.
The DNS Cache Poisoning Vulnerability, Microsoft KB953230 Patch, and Ports
Reservation Explained
http://msmvps.com/blogs/acefekay/arc...explained.aspx
Also, regarding EDNS0, you don't have to disable EDNS0 on the DNS server.
The EDNS0 extensions have been around since 1998, and were first implemented in
Windows 2003. So it's been around for quite some time. The problem is not
Windows supporting EDNS0; it is that the network edge firewall does not support it,
possibly either because it is an older firewall that hasn't been updated, or
a newer one on which EDNS0 has not been enabled.
The *fix* is simply to update the edge router/firewall with the vendor's
latest IOS to handle EDNS0. Consult your vendor's firewall documentation on
how to do that.
The workaround is also to simply use a forwarder to an ISP's DNS server that
does support EDNS0. I saw one poster earlier explain that forwarding didn't
work. Apparently the forwarder used in that scenario doesn't support EDNS0.
Also, I suggest not using the loopback for a DNS address on a DC. Use the
actual IP.
I hope this helps.
Ace
=======================
--
Ace
Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
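Added example, not part of the original post: a small Python probe for the EDNS0 path problem described above. It builds a DNS query carrying an EDNS0 OPT record (RFC 6891) and reports whether a reply came back and whether it carries an OPT record of its own. The function names, the 4096-byte advertised size and the 3-second timeout are assumptions chosen for illustration.

```python
import socket
import struct

OPT = 41  # RR type of the EDNS0 OPT pseudo-record (RFC 6891)

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(name, qid=0x1234, payload=4096):
    """A/IN query whose additional section holds one OPT record."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD=1, ARCOUNT=1
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    # OPT: root owner name; the CLASS field carries the UDP payload size.
    opt = b"\x00" + struct.pack("!HHIH", OPT, payload, 0, 0)
    return header + question + opt

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[pos]
        if n == 0:
            return pos + 1
        if n & 0xC0 == 0xC0:  # compression pointer is two bytes
            return pos + 2
        pos += 1 + n

def parse_reply(msg):
    """Return RCODE, TC flag and the responder's EDNS0 size (None if no OPT)."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    edns = None
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10 + rdlen
        if rtype == OPT:
            edns = rclass
    return {"rcode": flags & 0xF, "truncated": bool(flags & 0x0200),
            "edns_size": edns}

def probe(server, name, timeout=3.0):
    """Send the EDNS0 query over UDP; None means no reply arrived."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return parse_reply(s.recv(65535))
        except OSError:  # timeout or ICMP error: query or reply was lost
            return None
```

Call `probe()` against the forwarder's address from the DNS server itself: a `None` result here while a plain (non-EDNS0) lookup of the same name succeeds is consistent with a device on the path dropping EDNS0 traffic, and `edns_size` of `None` means the responder answered without EDNS0.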