We recently had a vulnerability assessment done against our Azure App Service Container and it showed a DNS service listening on UDP/53. It appears to be Unbound, a DNS resolver. This is listed as a Medium vulnerability as it provides for potential cache poisoning or could be used for DoS bounce attacks.
I could not find anything on this in any documentation or any other discussions about it. It appears in all of our different App Service Containers.
Can anyone please provide any insight on this service and if it's needed or if it's possible to disable it?
We have a Basic multi-tenant plan for our App Services, so I think we may need to upgrade to provide additional features to block access to the service, but I wanted to reach out before making that assumption.