This came up on the 2k list and I had to double check why my thoughts were that the DNS port exclusion issue was not an impact on SBS 2008. The reason is that the DNS randomiztion on 2k8 is different than 2k3. 2k3 will possible grab ports all the way from 1024 (or something really low) up to 65536. 2k8 only randomizes it’s dns ports in the 49152 to 65535 range. Since most apps don’t ‘talk’ in that range the issue with SBS 2003′s services accidentally getting mangled by DNS grabbing random ports (typically seen as an IPsec service issue), doesn’t occur on SBS 2008.
Ephemeral port allocation occurs in the [49152-65535] port range before you install security update 953230 on Windows Server 2008. This port allocation behavior does not change after you install security update 953230.