UDP Port 53

Status
Not open for further replies.

fantum0000

We get a lot of messages on our PIX for outbound
requests from clients originating on various ports
to remote IP addresses with port 53

IE: port 1851 -----> 192.175.48.42/53

IE: port 1853 -----> 192.175.48.42/53

IE: port 1854 -----> 192.175.48.42/53

What on the client side would originate such requests besides
DNS lookups?

I'm a newbie at this so any help or pointers would
be appreciated.
 
Well, looks like DNS queries from hosts; syslogs from the PIX would provide a better picture.
 
But why would the outbound requests be generated with all these weird port numbers?
 
ALL clients use random ports above 1023 and servers listen on well-defined ports. DNS servers, for instance, will listen for DNS queries on UDP port 53 and clients will send the queries using random UDP ports above 1023. That behaviour is normal!
 
OK... not trying to be dumb, but if no one is doing anything on the PC, why would there be outbound DNS queries to servers not on our network?

The reason I'm bringing this up is because our firewall guy has blocked port 53 outbound and we get thousands of entries every day in the logs.
 
If DNS queries shouldn't go to servers outside your network, then use the logs you are receiving to pinpoint the machines querying outside DNS servers, and look into those machines to try to determine why they are doing these queries. Maybe they have misconfigured DNS server entries on the TCP/IP stack; try to look thoroughly into these hosts.
 
DNS requests can occur due to services running on the machine even when no one is logged on.. normal networking environment.

As far as the machine trying to send DNS requests outbound.. do you have an internal DNS server that is defined in the DHCP server?

Computer/Network Technician
CCNA
 
Yes, we do have an internal 2003 server running DNS. It is the primary (and only) DNS server set up in DHCP for the clients.

I do understand that DNS lookups are normal. I just don't see why any services would try to send them to external servers. (I'm being thick.)

By the way, thanks for the fast responses.
 
Like I said, use the logs to determine which machines are sending DNS queries to external DNS servers. Then look into those machines to determine the reason for this behaviour. Check the TCP/IP properties; maybe it has external DNS servers statically defined.
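
An added example, not part of the original thread: one way to do the "use the logs" step is to tally denied port-53 traffic per internal client and per external resolver. It assumes the PIX deny lines follow the 106023 message layout; the sample lines, internal addresses, ACL name and the `allowed_sources` parameter (for the internal DNS server) are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the style of PIX message 106023 (assumed format;
# internal addresses, 192.0.2.x destinations and the ACL name are made up).
SAMPLE_LOG = """\
Mar 18 2005 10:01:02 pix %PIX-4-106023: Deny udp src inside:10.0.0.21/1851 dst outside:192.175.48.42/53 by access-group "inside_out"
Mar 18 2005 10:01:03 pix %PIX-4-106023: Deny udp src inside:10.0.0.21/1853 dst outside:192.175.48.42/53 by access-group "inside_out"
Mar 18 2005 10:01:04 pix %PIX-4-106023: Deny udp src inside:10.0.0.21/1854 dst outside:192.175.48.42/53 by access-group "inside_out"
Mar 18 2005 10:02:10 pix %PIX-4-106023: Deny udp src inside:10.0.0.34/2210 dst outside:192.0.2.53/53 by access-group "inside_out"
Mar 18 2005 10:02:11 pix %PIX-4-106023: Deny tcp src inside:10.0.0.34/2211 dst outside:192.0.2.80/80 by access-group "inside_out"
Mar 18 2005 10:03:00 pix %PIX-4-106023: Deny udp src inside:10.0.0.10/3301 dst outside:192.0.2.53/53 by access-group "inside_out"
"""

DENY_RE = re.compile(
    r"%PIX-\d-106023: Deny (?P<proto>\w+) "
    r"src (?P<sif>\S+?):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<dif>\S+?):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

def external_dns_talkers(log_text, allowed_sources=()):
    """Map each client IP to a Counter of external resolvers it was denied reaching on port 53."""
    talkers = defaultdict(Counter)
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        # Keep only DNS (udp/tcp to destination port 53); the source port is ephemeral.
        if not m or m["dport"] != "53" or m["proto"] not in ("udp", "tcp"):
            continue
        # Skip hosts expected to query outside, e.g. the internal DNS server.
        if m["src"] in allowed_sources:
            continue
        talkers[m["src"]][m["dst"]] += 1
    return dict(talkers)

def report(talkers):
    """Return (client, total_hits, sorted resolver list), busiest client first."""
    rows = sorted(talkers.items(), key=lambda kv: -sum(kv[1].values()))
    return [(src, sum(dsts.values()), sorted(dsts)) for src, dsts in rows]

if __name__ == "__main__":
    found = external_dns_talkers(SAMPLE_LOG, allowed_sources={"10.0.0.10"})
    for src, total, resolvers in report(found):
        print(f"{src:15} {total:5} denied DNS queries -> {', '.join(resolvers)}")
```

Clients at the top of the report are the ones whose TCP/IP DNS settings and running services are worth checking first.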
 