2008 R2 DNS consume memory

Discussion in 'DNS Server' started by NVVN, Jan 20, 2010.

  1. NVVN

    NVVN Guest

    Is there any particular reason why DNS in 2008 R2 is consuming much more
    memory (physical and virtual), right now 3,5 GB and climbing, compared
    with 2003 R2 (right now 2,5 GB and standing at that value)?

    Those DNS servers are virtual (under Hyper-V in an FO HA cluster) and are
    in NLB.
     
    NVVN, Jan 20, 2010
    #1

  2. Meinolf Weber [MVP-DS], Jan 20, 2010
    #2

  3. Hi Meinolf,

    I submitted a response to that thread regarding DNS usage. I have a blog on
    DNS memory utilization and its cause. The reason is based on the cache
    vulnerability update that was released in July, 2008, and built into later
    SPs and releases. Here's what I posted at that Technet forum above:

    ===================
    I believe what everyone is seeing with DNS memory is due to the reserved UDP
    ports the DNS cache vulnerability update (originally released in July, 2008)
    is causing. This is by default to protect against DNS cache poisoning.

    I put together a blog explaining the update and the consequences of memory
    utilization. My blog can be found in the following link.

    The DNS Cache Poisoning Vulnerability, Microsoft KB953230 Patch, and Ports
    Reservation Explained
    http://msmvps.com/blogs/acefekay/ar...30-patch-and-ports-reservation-explained.aspx

    Also, regarding EDNS0, you don't have to disable EDNS0 on the DNS server.
    The EDNS0 extensions have been around since 1998, and were first implemented
    in Windows 2003. So it's been around for quite some time. The problem is not
    Windows supporting EDNS0; it is that the network edge firewall does not
    support it, possibly either because it is an older firewall that hasn't been
    updated, or a newer one on which EDNS0 has not been enabled.

    The *fix* is simply to update the edge router/firewall with the vendor's
    latest IOS to handle EDNS0. Consult your vendor's firewall documentation on
    how to do that.

    The workaround is also to simply use a forwarder to an ISP's DNS server that
    does support EDNS0. I saw one poster earlier explain that forwarding didn't
    work. Apparently the forwarder used in that scenario doesn't support EDNS0.

    Also, I suggest not using the loopback for a DNS address on a DC. Use the
    actual IP.

    I hope this helps.

    Ace
    =======================


    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Please reply back to the newsgroup or forum for collaboration benefit among
    responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
    MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    If you feel this is an urgent issue and require immediate assistance, please
    contact Microsoft PSS directly. Please check http://support.microsoft.com
    for regional support phone numbers.
     
    Ace Fekay [MVP-DS, MCT], Jan 20, 2010
    #3
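
Added example (not part of the thread or of any poster's code): a Python sketch for checking whether EDNS0 queries survive the path to a forwarder, the firewall issue described in post #3. The function names, the `example.com` query name and the constructed sample reply are assumptions for illustration.

```python
import socket
import struct

# Constructed sample reply (not captured traffic): TC=1, one A record, OPT advertising 1232 bytes.
SAMPLE_REPLY = bytes.fromhex(
    "1234 8380 0001 0001 0000 0001 07 6578616d706c65 03 636f6d 00 0001 0001 "
    "c00c 0001 0001 0000003c 0004 5db8d822 00 0029 04d0 00000000 0000")

def build_query(name, qtype=1, edns_size=4096, txid=0x1234):
    """Build a DNS query; a non-zero edns_size appends an EDNS0 OPT pseudo-RR."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)
    if edns_size:
        # OPT RR: root name, TYPE 41, CLASS carries the UDP payload size, TTL 0, no options
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:   # walk plain labels
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)           # pointer is 2 bytes, root label is 1

def edns_info(msg):
    """Return (truncated, advertised_udp_size or None) for a DNS message."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4             # skip QTYPE and QCLASS
    opt = None
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:                           # OPT record present: peer speaks EDNS0
            opt = rclass
        off += 10 + rdlen
    return bool(flags & 0x0200), opt

def probe(server, name="example.com", edns_size=4096, timeout=3.0):
    """Send one UDP query; None means no reply arrived within the timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, edns_size=edns_size), (server, 53))
        try:
            return edns_info(s.recvfrom(65535)[0])
        except socket.timeout:
            return None
```

If `probe()` gets a reply with `edns_size=0` but returns `None` with `edns_size=4096` against the same forwarder, something on the path is likely dropping EDNS0 traffic.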