This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 48%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
I have a domain controller that also acts as the DNS server for devices that grab a DHCP address. I've noticed a lot of packets blocked on a firewall that the source IP is that of the DC and the source port is udp 53. The destination is to a mac OSX device with a destination port of anything from 40000 to 62000. Any ideas on what this could be trying? This is the only device in our domain that does this, we have quite a few Macs (dirty word I know) on our network and I've only ever seen this one do it.
Any ideas would be great, thank you!
Hi John-7249,
UDP port 53 is the port used by OSX to resolve DNS.
The host tool on Max does not simply resolve names (as in, using the system name resolver) but actually queries dns servers (as in, sending packets to udp/53 and possibly tcp/53): it doesn't know nor use the local hosts file.
I suggest that you investigate the DNS settings on the problem device.
--If the reply is helpful, please Upvote and Accept as answer--