Port 53 – DNS (Domain Name System)

Service:

bind, dnsmasq, unbound

Protocol:

UDP (mostly), TCP (for zone transfers)

Port:

53

Used for:

Resolving domain names to IP addresses

Why It’s Open

Port 53 is essential for DNS resolution. It may be open on public DNS resolvers or internal DNS servers. TCP is typically used for zone transfers and large responses.

Common Risks

  • DNS Amplification: Used in reflection-based DDoS attacks.
  • Zone Transfer (AXFR) Enabled: Can leak entire DNS database.
  • Cache Poisoning: Older configurations can be manipulated.
  • Information Disclosure: May reveal internal hosts/subdomains.


Enumeration & Testing

Basic check

nmap -sU -p 53
nmap -sU -p 53 --script=dns-recursion

Zone transfer test

dig @ example.com
dig axfr @ example.com

DNS version disclosure

dig @ CHAOS TXT version.bind

What to Look For

Checkpoint             | What it means
Zone transfer allowed  | Leaks internal DNS records
Public resolver        | Can be abused for DDoS
Version info exposed   | Easier to target known vulnerabilities

Known Exploits

  1. CVE-2015-5477

A flaw in ISC BIND allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via specially crafted TKEY queries.

🔗 NVD Entry

🔗 Red Hat Advisory

Mitigation

  • Disable zone transfers unless needed; restrict with allow-transfer.
  • Rate-limit DNS responses.
  • Hide version info with version "not disclosed"; in the BIND options block.
  • Use DNSSEC where appropriate.
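The mitigations above applied to a BIND named.conf, as an added example (not from this page or from PentestPad). The weak settings are shown commented out beside the hardened ones; the zone name is the page's example.com, and the secondary address 192.0.2.53, the key name xfer-key and the file paths are placeholders.

```conf
// Constructed weak configuration (what the checks above would flag):
// options {
//     recursion yes;              // anyone may use this host as a resolver: reflection/amplification
//     allow-transfer { any; };    // any client may AXFR the whole zone
//     // no "version" statement: CHAOS TXT version.bind returns the real build version
// };

// Hardened authoritative-only server
options {
    directory "/var/cache/bind";          // placeholder path

    // Authoritative only: refuse recursion so the host cannot act as an open resolver.
    // For an internal resolver use "recursion yes; allow-recursion { localnets; };" instead.
    recursion no;

    // Refuse zone transfers globally; grant them per zone only.
    allow-transfer { none; };

    // Answer CHAOS TXT version.bind with a fixed string instead of the build version.
    version "not disclosed";

    // Response Rate Limiting caps identical answers per client, blunting amplification.
    rate-limit {
        responses-per-second 10;
    };

    // Validate signed answers if this server ever resolves for clients.
    dnssec-validation auto;
};

// TSIG key shared with the secondary; generate the secret with tsig-keygen.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-BASE64-SECRET";
};

zone "example.com" {
    type primary;                         // "type master;" on BIND before 9.16
    file "/etc/bind/db.example.com";      // placeholder path
    // Only a client presenting the TSIG key may AXFR this zone.
    allow-transfer { key "xfer-key"; };
    also-notify { 192.0.2.53; };          // placeholder secondary address
};
```

Run named-checkconf after editing, then repeat the dig axfr and CHAOS TXT checks from the enumeration section to confirm the transfer is refused and the version string is hidden.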

Real-Life Example

Large DNS amplification attacks have used open resolvers to generate massive traffic floods. Insecure configurations continue to be exploited.

TL;DR

  • Service: DNS (Domain Name System)
  • Default Port: 53/TCP and UDP
  • Risks: Denial of service, cache poisoning
  • Mitigation: Apply patches, restrict recursion, monitor DNS traffic