Blog

DNS.exe High Memory Usage

Q. I did a fresh install of Windows 2008 R2 and my DNS memory consumption is going through the roof. If I reboot, it’s ok briefly, but then it goes up again. How can I stop it?

A. There are a lot of discussions about DNS high memory utilization on Windows 2008 R2 floating around. A lot of them point to disabling EDNS, which does not decrease the memory usage. The real problem is in fact due to the ports that DNS opens up: 2500 UDP IPv4 and 2500 UDP IPv6. This is a nice and round number for a busy production DNS server, however, for an internal DNS in a small office this is way too much.

To decrease the number of open ports, run the following command. For an internal DNS, with about 20 people in the office 100 ports is more than enough:

Dnscmd /Config /SocketPoolSize 100

Once command executed, restart DNS service – memory consumption should decrease.

You can also view how many ports you have open:

Dnscmd /Info /SocketPoolSize

Posted in: Uncategorized

Leave a Comment (3) ↓

3 Comments

  1. Damien August 28, 2013

    Decreasing the socketpool size will reduce the footprint, but the reason WHY is probably related to the number of CPUs on the system. This article talks about it here:

    http://www.jigsolving.com/activedirectory/dns-high-memory-utilization-domain-controller

    reply
  2. Prashant February 12, 2015

    hi,
    i am prashant (system administrator) , i have windows server 2012 standard edition
    server and i have issue in dns , DNS role high utilization show in router my internet all things are stop suddenly , When i stop dns services all things all normally and my internet bandwidth working fine .

    my observation dns upload to high usage port used high usage (upload something in background ) UDP _53 more high usage . unbelievable high upload usage.

    Please help me and give right direction to resolve this issue.

    reply
    • Andrew March 8, 2015

      Try enabling the DNS log and checking in it. You must having a client asking for a lot of DNS or maybe a DDOS attack happening.

      reply

Leave a Comment