none
DNS queries from UDP/53 source port RRS feed

  • Question

  • Hello,

    I have a simple setup: DNS server (X.X.X.X) and a client. Client runs Windows 7.

    I'm trying to resolve a name www.microsoft.com. using nslookup from the client as follows:

    nslookup www.microsoft.com. X.X.X.X

    and see the traffic with a sniffer. The queries are sent from the UDP port 53 to randomly selected UDP port (let's say 57995). Of course the server responds with ICMP port unreachable.

    The issue is observed only for Internet FQDNs. I also have a local zone (.local.), and names from that zone are resolved correctly (queries go to UDP/53).

    My question is: how is it possible that a client sends DNS queries FROM UDP/53 instead of sending them TO UDP/53?

    Any help is appreciated.

    Sunday, April 9, 2017 4:04 PM

All replies

  • Hi Andrey,

    >>My question is: how is it possible that a client sends DNS queries FROM UDP/53 instead of sending them TO UDP/53?

    As far as I know, this process is by design.

    Here is article below about DNS port for your reference:

    Network Ports Used by DNS

    https://technet.microsoft.com/en-us/library/dd197515(v=ws.10).aspx

    Best Regards

    John


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, April 10, 2017 6:30 AM
  • Hi John,

    No, this is not by design. And you article proves that: "...all DNS queries are sent from a high-numbered source port (49152 or above) to destination port 53...".

    In my case DNS queries are sent from a source port 53 to a high-numbered destination port (49152 or above).

    Andrey.

    Monday, April 10, 2017 7:25 AM
  • Hi Andrey,

    >>In my case DNS queries are sent from a source port 53 to a high-numbered destination port (49152 or above).

    DNS server send response to client by using port from 53 to a high-numbered port.

    Could you please provide details of this issue to here for further troubleshooting?

    Best Regards

    John


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by John Lii Monday, April 24, 2017 6:18 AM
    Tuesday, April 11, 2017 2:11 AM
  • Hi,

    Just want to confirm the current situations.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    John


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, April 24, 2017 6:18 AM