What is UDP port 53?
The flags field of the DNS header is divided into subfields of one or four bits that indicate the type of message (query or response), whether the answering name server is authoritative, whether the query is recursive or not, whether the message was truncated, and the response status code.
Each label in the domain name is prefixed by its length. The answer section carries the resource records for the queried name. Tcpdump is a powerful Linux command-line tool for capturing packets, including DNS traffic.
We can use the following tcpdump command to capture DNS packets. We will see many packets like this one. All of these packets use the UDP protocol. This is the packet for the DNS query we issued with the dig command above.
The example above uses UDP. This is a typical TCP connection, which includes a three-way handshake, data transfer, and a four-way closure.
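The header flags and the length-prefixed labels described above can be decoded by hand from a captured datagram. The following parser is an added example written for this page, not code from the original article; the query and response bytes it works on are constructed inline (the response uses the documentation address 192.0.2.1 and a DNS compression pointer for the answer name, as real resolvers do):

```python
import struct

def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(txid, name, qtype=1, rd=True):
    """Build a minimal DNS query: 12-byte header plus one question (class IN)."""
    flags = 0x0100 if rd else 0          # RD bit is bit 8 of the flags word
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def decode_flags(flags):
    """Split the 16-bit flags word into its one- and four-bit subfields."""
    return {
        "qr": (flags >> 15) & 1,          # 0 = query, 1 = response
        "opcode": (flags >> 11) & 0xF,    # four bits: 0 = standard query
        "aa": (flags >> 10) & 1,          # authoritative answer
        "tc": (flags >> 9) & 1,           # truncated
        "rd": (flags >> 8) & 1,           # recursion desired
        "ra": (flags >> 7) & 1,           # recursion available
        "rcode": flags & 0xF,             # four-bit response status
    }

def read_name(msg, offset):
    """Read a label sequence at offset, following compression pointers (0xC0xx)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            if end is None:
                end = offset + 2          # the pointer itself is two bytes long
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)

def parse_message(msg):
    """Parse header, question section and answer section of a DNS message."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:     # A record: render the IPv4 address
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, rclass, ttl, rdata))
    return {"id": txid, "flags": decode_flags(flags),
            "questions": questions, "answers": answers}

# Constructed sample traffic (not a real capture): a query for example.com and
# the matching response with QR, RD and RA set, one A record, TTL 300.
SAMPLE_QUERY = build_query(0x1234, "example.com")
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
                   + encode_name("example.com") + struct.pack("!HH", 1, 1)
                   + b"\xc0\x0c"                 # pointer to the name at offset 12
                   + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))

if __name__ == "__main__":
    print(parse_message(SAMPLE_QUERY))
    print(parse_message(SAMPLE_RESPONSE))
```

Feeding the UDP payload of a packet captured with tcpdump (for example via `tcpdump -w` and a pcap reader) into `parse_message` yields the same fields tcpdump prints in its one-line summary, which is a useful check when you are reading a capture by hand.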
This is much more complex than UDP. Most organizations have numerous DNS servers. These servers exchange information with each other in what is referred to as zone transfers. It is difficult to imagine the practical use of the Internet without the convenient name-to-IP address mapping provided by DNS.
In fact, the only real threat to the operation of the Internet is the lurking possibility of a massive distributed denial-of-service (DDoS) attack being used to hold the Internet's primary and secondary DNS servers off the Net long enough for all cached copies of DNS records to expire throughout the Internet.
This would take about one week. Although such a concerted attack on DNS would not take the Internet itself down, it would rob the world of the convenient DNS domain naming that we all take for granted, and effectively kill the Internet for the continued duration of the attack.
Our machines ask for and receive the results of "DNS lookups", which provide the IP address associated with the domain name and specific machine with which we wish to communicate. Similarly, it is quite uncommon for an end-user's machine to be running a public DNS server.

Question (asked 8 years, 8 months ago; viewed 59k times): Port 53 is open for DNS. Why would I need this?

Answers by Shane Madden, Hennes and Jacob.

Shane Madden, in a comment: @ChristopherIckes No. Your server still needs to make outbound DNS queries; inbound port 53 UDP traffic (the responses to your queries) must be allowed for those to function correctly.

csi: And oops. I meant "open the port" not "secure the port". Edited.

If you want to use your server as a DNS server, for example if you're hosting your own domains. You can run tcpdump on a host and then issue a DNS lookup from another terminal or browser to confirm this: 'tcpdump -n -s -i eth0 udp port 53'. So to answer your question: you would only open port 53 on a host that is offering DNS services to a network.
Some firewall software (including iptables, as mentioned by mindthemonkey in the comments on my answer) will track a fake connection and allow the traffic as an established connection, but make no mistake: UDP is stateless, and unless your firewall is being smart about allowing responses to recent queries, you need UDP port 53 open to get packets in response to your queries.
I am writing this message from a machine with port 53 closed.
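The distinction the answers draw, between a blanket inbound allow for UDP port 53 and a firewall that only admits replies to queries it recently saw leave, is easy to see in a small model. The tracker below is an added example written for this page; it is not iptables or nftables code and does not reproduce how conntrack is implemented. It records each outbound query by its reversed address/port tuple and DNS transaction ID, then accepts an inbound datagram only if it matches a pending query, has the QR bit set, and arrives within a timeout. The source port of a DNS reply is 53, so the stateless rule accepts the constructed unsolicited datagram as readily as the genuine reply; the tracking rule does not. All addresses and payloads are constructed sample values:

```python
import struct
import time

DNS_PORT = 53

def stateless_allow(src_port):
    """The blunt rule: admit any inbound UDP datagram whose source port is 53."""
    return src_port == DNS_PORT

class UdpDnsTracker:
    """Toy model of reply matching for stateless UDP DNS (illustration only)."""

    def __init__(self, timeout=30.0):
        self.timeout = timeout
        # (client_ip, client_port, server_ip, server_port) -> (txid, sent_at)
        self.pending = {}

    def note_outbound(self, src_ip, src_port, dst_ip, dst_port, payload, now=None):
        """Record an outbound query so its reply can be recognised later."""
        now = time.time() if now is None else now
        if dst_port != DNS_PORT or len(payload) < 12:
            return False
        txid = struct.unpack("!H", payload[:2])[0]
        self.pending[(src_ip, src_port, dst_ip, dst_port)] = (txid, now)
        return True

    def inbound_allowed(self, src_ip, src_port, dst_ip, dst_port, payload, now=None):
        """Admit an inbound datagram only if it answers a recent, pending query."""
        now = time.time() if now is None else now
        key = (dst_ip, dst_port, src_ip, src_port)   # reverse of the outbound tuple
        entry = self.pending.get(key)
        if entry is None or len(payload) < 12:
            return False
        txid, sent_at = entry
        if now - sent_at > self.timeout:               # stale entry: expire it
            del self.pending[key]
            return False
        resp_id, flags = struct.unpack("!HH", payload[:4])
        if resp_id != txid or not flags & 0x8000:      # ID must match, QR must be set
            return False
        del self.pending[key]                          # one reply per query
        return True

def dns_header(txid, flags):
    """Build a 12-byte DNS header with one question and no other records."""
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)

# Constructed sample datagrams: a query with ID 0xBEEF and RD set, its reply
# with QR/RD/RA set, and a reply-shaped datagram from an unrelated host.
QUERY = dns_header(0xBEEF, 0x0100) + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
REPLY = dns_header(0xBEEF, 0x8180) + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
CLIENT, RESOLVER, STRANGER = "192.0.2.10", "198.51.100.1", "203.0.113.9"

def run_scenario():
    """Compare both rules on a real reply and on an unsolicited datagram."""
    tracker = UdpDnsTracker()
    tracker.note_outbound(CLIENT, 40000, RESOLVER, DNS_PORT, QUERY, now=100.0)
    return {
        "stateless_real": stateless_allow(DNS_PORT),
        "stateless_unsolicited": stateless_allow(DNS_PORT),
        "tracked_real": tracker.inbound_allowed(RESOLVER, DNS_PORT, CLIENT, 40000, REPLY, now=100.5),
        "tracked_unsolicited": tracker.inbound_allowed(STRANGER, DNS_PORT, CLIENT, 40000, REPLY, now=100.6),
    }

if __name__ == "__main__":
    print(run_scenario())
```

In practice, the matching is done by the firewall's connection tracker (for iptables, a rule accepting state ESTABLISHED or RELATED) rather than by the application, which is exactly why a host that only sends queries does not need a standing inbound allow for destination port 53.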