192.168.1.1 is my NetGear router. It has 8.8.8.8 and 8.8.4.4 set as DNS. From Windows:
From Ubuntu:
I think this shouldn't go to port 53, right? If so, what could be the reason for dig translating my DNS query into a request to the NetGear on the wrong port?
I cannot query 8.8.8.8:
However, I can with +tcp:
And at the end this, where 127.0.1.1 (dnsmasq, right?) responds:
nm-tool:
Migrated from serverfault.com, May 7 '13 at 22:18
3 Answers
Port 53 is indeed the port that a DNS server listens on for requests. However, by default it's UDP port 53, and TCP port 53 is not often used.

Your dig and nslookup commands use UDP by default, but in your dig command you specified to use TCP with +tcp, and since the router is only listening on UDP, the request fails.

To resolve the issue, query with UDP by removing +tcp from your dig command.
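A small diagnostic, added here as an example and not part of the original answer, that sends the same query to port 53 over UDP and then over TCP, so you can see which transport a resolver actually accepts (a UDP-only listener, like the router described above, answers the first and refuses the second). The server address 192.168.1.1 and the name example.com in the usage call are assumed values taken from the question.

```python
import socket
import struct

DNS_PORT = 53

def build_query(name, txid=0x1234):
    """Build a minimal recursive A query: RFC 1035 header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode()
                     for label in name.rstrip(".").split("."))
    qname += b"\x00"                                  # root label terminates the name
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def frame_tcp(msg):
    """DNS over TCP prefixes each message with a 2-byte big-endian length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

def parse_header(msg):
    """Return (txid, rcode, answer_count) from the 12-byte DNS response header."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return txid, flags & 0x000F, an   # RCODE is the low 4 bits of the flags word

def probe(server, name="example.com", timeout=2.0):
    """Send the same query over UDP and TCP; return {transport: outcome}."""
    q = build_query(name)
    results = {}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(q, (server, DNS_PORT))
            data, _ = s.recvfrom(512)
            _txid, rcode, an = parse_header(data)
            results["udp"] = f"rcode={rcode} answers={an}"
    except OSError as e:
        results["udp"] = f"failed: {e}"
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((server, DNS_PORT))  # refused when nothing listens on TCP/53
            s.sendall(frame_tcp(q))
            length = struct.unpack("!H", s.recv(2))[0]
            _txid, rcode, an = parse_header(s.recv(length))
            results["tcp"] = f"rcode={rcode} answers={an}"
    except OSError as e:
        results["tcp"] = f"failed: {e}"
    return results

if __name__ == "__main__":
    print(probe("192.168.1.1"))  # assumed router address from the question
```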
DNS runs on port 53. Port 53 is the IANA-assigned port for DNS. dig does a DNS lookup. nslookup does a DNS lookup. Thus they both use port 53.

As to your real question, which is: "then why is it refused?"

Well, that could be for any number of reasons. Maybe your Ubuntu computer is on a different network. Maybe its network cable is unplugged. Maybe you have firewall rules blocking outbound DNS except to some specific IP addresses.

Is there a specific problem you're trying to solve by doing this dig command?
You should install bind and use 127.0.1.1. This might help and resolve your problems.