MSSQL DAC

Dedicated Administrator Connection

SQL Server

SQL Diagnostics & Tuning

SQL Security

Enabling Remote Admin Connections allows a client application on a remote computer to use the Dedicated Administrator Connection (DAC).
Remote Admin Connections are Disabled by default. Enable only if fully justified. By default the DAC is only available to clients on the local computer.
In a "Hardened" SQL deployment this option should generally be Disabled.
SQL Server listens for the DAC on TCP port 1434 if available or a TCP port dynamically assigned upon Database Engine startup. The error log contains the port number the DAC is listening on.

There is a conflict of interest here. To reduce attack surface to increase security this option should be disabled. However, to be able to diagnose issues with the database instance when you are otherwise unable to connect this could prove invaluable. One suggestion is to use another remote admin method (e.g. PowerShell) to enable this option only when needed.

Check

USE master;

SELECT name,

CAST(value as int) as value_configured,

CAST(value_in_use as int) as value_in_use

FROM sys.configurations

WHERE name = 'remote admin connections'

AND SERVERPROPERTY('IsClustered') = 0;

Enable

The following example enables the DAC from a remote computer.

sp_configure 'remote admin connections', 1;

RECONFIGURE;

Disable

EXECUTE sp_configure 'remote admin connections', 0;

RECONFIGURE;

Example Usage

sqlcmd -S myServer,1434 -U myAdminUser -P myPasword -A

It's the -A that forces the DAC connection

Bibliography

https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/remote-admin-connections-server-configuration-optionhttps://docs.microsoft.com/en-us/sql/database-engine/configure-windows/remote-admin-connections-server-configuration-option?view=sql-server-ver15https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/diagnostic-connection-for-database-administrators?view=sql-server-ver15