Strange DNS connection attempts

John 76 Reputation points
2022-05-04T02:29:17.143+00:00

I have a domain controller that also acts as the DNS server for devices that grab a DHCP address. I've noticed a lot of packets blocked on a firewall where the source IP is that of the DC and the source port is UDP 53. The destination is a Mac OS X device with a destination port of anything from 40000 to 62000. Any ideas on what this could be trying? This is the only device in our domain that does this; we have quite a few Macs (dirty word I know) on our network and I've only ever seen this one do it.

Any ideas would be great, thank you!

Windows Server 2019
Windows DHCP

Accepted answer
  1. Limitless Technology 39,501 Reputation points
    2022-05-05T07:54:11.527+00:00

    Hi John-7249,

    UDP port 53 is the port used by OSX to resolve DNS.

    The host tool on Mac does not simply resolve names (as in, using the system name resolver) but actually queries DNS servers (as in, sending packets to udp/53 and possibly tcp/53): it neither knows nor uses the local hosts file.

    I suggest that you investigate the DNS settings on the problem device.


    --If the reply is helpful, please Upvote and Accept as answer--
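
One way to check what the blocked packets actually are, as an added example that is not part of the original thread: the Python below decodes the DNS header of a UDP payload taken from a packet capture and reports whether a packet sourced from port 53 is a reply to a client query. The function names and the sample payload (example.com, 192.0.2.10, port 51234) are constructed for illustration.

```python
import struct

def parse_dns_header(payload: bytes) -> dict:
    """Decode the fixed 12-byte DNS header and the first question name."""
    if len(payload) < 12:
        raise ValueError("too short to be a DNS message")
    txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", payload[:12])
    labels, pos = [], 12
    if qdcount:
        while True:
            if pos >= len(payload):
                raise ValueError("question name is truncated")
            length = payload[pos]
            if length == 0:          # zero-length label ends the name
                break
            if length & 0xC0:        # compression pointers are not expected here
                raise ValueError("unexpected label type in question name")
            labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
            pos += 1 + length
    return {
        "id": txid,
        "is_response": bool(flags & 0x8000),  # QR bit: 1 = response, 0 = query
        "rcode": flags & 0x000F,
        "answers": ancount,
        "qname": ".".join(labels) if qdcount else None,
    }

def classify(src_port: int, dst_port: int, payload: bytes) -> str:
    """Label one captured UDP packet by port pair and DNS QR bit."""
    try:
        hdr = parse_dns_header(payload)
    except ValueError:
        return "not-dns"
    if src_port == 53 and hdr["is_response"]:
        return "dns-response"   # server reply sent to the client's source port
    if dst_port == 53 and not hdr["is_response"]:
        return "dns-query"
    return "unexpected"

# Constructed sample: a reply for example.com A -> 192.0.2.10 (documentation range).
SAMPLE_RESPONSE = (
    struct.pack("!6H", 0x1A2B, 0x8180, 1, 1, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
    + b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
)

if __name__ == "__main__":
    print(classify(53, 51234, SAMPLE_RESPONSE), parse_dns_header(SAMPLE_RESPONSE))
```

The transaction ID and question name returned for a blocked packet can be matched against the queries the client sent in the same capture.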
