Strange DNS connection attempts

John 81 Reputation points
2022-05-04T02:29:17.143+00:00

I have a domain controller that also acts as the DNS server for devices that grab a DHCP address. I've noticed a lot of packets blocked on a firewall that the source IP is that of the DC and the source port is udp 53. The destination is to a mac OSX device with a destination port of anything from 40000 to 62000. Any ideas on what this could be trying? This is the only device in our domain that does this, we have quite a few Macs (dirty word I know) on our network and I've only ever seen this one do it.

Any ideas would be great, thank you!

Windows for business | Windows Client for IT Pros | Networking | Network connectivity and file sharing
Windows for business | Windows Server | User experience | Other
0 comments No comments
{count} votes

Accepted answer
  1. Limitless Technology 39,926 Reputation points
    2022-05-05T07:54:11.527+00:00

    Hi John-7249,

    UDP port 53 is the port used by OSX to resolve DNS.

    The host tool on Max does not simply resolve names (as in, using the system name resolver) but actually queries dns servers (as in, sending packets to udp/53 and possibly tcp/53): it doesn't know nor use the local hosts file.

    I suggest that you investigate the DNS settings on the problem device.


    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.