
How to close DNS UDP ports?

0 Votes
Locked

edelac379
After reviewing a vulnerability scan on our network it seems that DNS is using some ports which are considered "dangerous". I found out that dns.exe is using tons of ports and that some of these "bad" ports are in use.

Is there a way to close these specific ports?
    0 Votes
    Nimmo

    I don't want to sound patronizing or rude, but do you know what DNS actually does? It is pretty much one of the most important protocols on the internet these days; if you didn't use/have DNS you would spend your days typing in IP addresses to visit web sites.

    DNS uses port 53 UDP, but TCP port 53 does get used sometimes (some programs also use TCP 53 for all DNS queries). If you close these ports you're going to get a lot of problems.

    What ports were showing up on the results? You may want to take a look through this list of ports and confirm what protocol they really are if they are not on 53. http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

    If you really do want to test and see what happens when you block these ports just block it at the firewall.

    0 Votes
    SYNner

    RFC 1035 does not specify any port other than tcp/53 and udp/53. DNS services use UDP/53 most of the time. If a request takes more than one packet to complete, DNS will switch to TCP. If you are seeing a DNS.exe process in your systems and it's using other ports, you may have a compromised system.
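As an added example (not from any of the posters above) of the follow-up both replies point at, the script below inventories the ports actually held by dns.exe and separates the service port 53 from everything else. It assumes Windows Server with the DNS Server role, the NetTCPIP and DnsServer PowerShell modules (Windows Server 2012 or later), and an elevated session.

```powershell
# Added example: list the local ports held by the DNS Server service (dns.exe)
# and separate the expected service port (53) from the rest.
# Assumes Windows Server 2012+ with the DNS Server role, the NetTCPIP module
# (Get-NetUDPEndpoint / Get-NetTCPConnection) and the DnsServer module
# (Get-DnsServerSetting). Run from an elevated PowerShell session.

$dnsPids = (Get-Process -Name dns -ErrorAction Stop).Id

# UDP sockets bound by dns.exe and TCP sockets owned by it
$udp = Get-NetUDPEndpoint   | Where-Object { $_.OwningProcess -in $dnsPids }
$tcp = Get-NetTCPConnection | Where-Object { $_.OwningProcess -in $dnsPids }

$udp53       = $udp | Where-Object LocalPort -eq 53
$udpOther    = $udp | Where-Object LocalPort -ne 53
$tcpListen53 = $tcp | Where-Object { $_.LocalPort -eq 53 -and $_.State -eq 'Listen' }
$tcpOther    = $tcp | Where-Object { -not ($_.LocalPort -eq 53 -and $_.State -eq 'Listen') }

"UDP/53 sockets (the DNS service port):   {0}" -f @($udp53).Count
"Other UDP ports bound by dns.exe:         {0}" -f @($udpOther).Count
"TCP/53 listeners:                         {0}" -f @($tcpListen53).Count
"Other TCP connections owned by dns.exe:   {0}" -f @($tcpOther).Count

# Windows DNS Server keeps a pool of randomized UDP source ports open for its
# own outbound queries to other name servers, so a large number of "other"
# UDP ports is expected. Their count should roughly match the configured pool
# size; the excluded ranges show which ports the service will never pick.
Get-DnsServerSetting -All |
    Select-Object SocketPoolSize, SocketPoolExcludedPortRanges

# What does not fit that picture is worth a closer look: a TCP listener on a
# port other than 53, or an established connection to an unexpected peer.
$tcpOther | Where-Object { $_.State -in 'Listen', 'Established' } |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State |
    Sort-Object State, LocalPort | Format-Table -AutoSize
```

Compare the "other" UDP and TCP entries against the scanner's findings before blocking anything at the firewall; port 53 itself has to stay open for the service to work.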
