question

John-7249 avatar image
0 Votes"
John-7249 asked LimitlessTechnology-2700 answered

Strange DNS connection attempts

I have a domain controller that also acts as the DNS server for devices that grab a DHCP address. I've noticed a lot of packets blocked on a firewall that the source IP is that of the DC and the source port is udp 53. The destination is to a mac OSX device with a destination port of anything from 40000 to 62000. Any ideas on what this could be trying? This is the only device in our domain that does this, we have quite a few Macs (dirty word I know) on our network and I've only ever seen this one do it.

Any ideas would be great, thank you!

windows-server-2019windows-dhcp-dns
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered

Hi John-7249,

UDP port 53 is the port used by OSX to resolve DNS.

The host tool on Max does not simply resolve names (as in, using the system name resolver) but actually queries dns servers (as in, sending packets to udp/53 and possibly tcp/53): it doesn't know nor use the local hosts file.

I suggest that you investigate the DNS settings on the problem device.



--If the reply is helpful, please Upvote and Accept as answer--

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.