Port Authority Edition – Internet Vulnerability Profiling
by Steve Gibson,  Gibson Research Corporation.

Goto Port 52
Probe Port 53
Enter Port: 0-65535
Goto Port 54

Port Authority Database

Port 53


Domain Name Server

"DNS" is the glue that translates human-readable domain and machine names like "grc.com" or "amazon.com" into their machine-readable Internet Protocol (IP) address equivalents. DNS servers listen on port 53 for queries from DNS clients. Incoming UDP packets carry queries which expect a short reply, and TCP connections carrying queries requiring longer and more complete replies.

Related Ports: 

Background and Additional Information:

It is difficult to imagine the practical use of the Internet without the convenient name-to-IP address mapping provided by DNS. In fact, the only real threat to the operation of the Internet is the lurking possibility of a massive distributed denial of service (DoS) attack being used to hold the Internet's primary and secondary DNS servers off the Net long enough for all cached copies of DNS records to expire throughout the Internet. (This would take about one week.) Although such a concerted attack on DNS would not take the Internet itself down, it would rob the world of the convenient DNS domain naming that we all take for granted, and effectively kill the Internet for the continued duration of the attack.

Since everyone uses DNS, virtually all machines function as clients of DNS servers. Our machines ask for and receive the results of "DNS lookups" which provide the IP address associated with the domain name and specific machine with which we wish to communicate. Similarly, it is quite uncommon for an end-user's machine to be running a public DNS server. Although advanced users sometimes run their own local DNS resolvers or caches for improved Internet performance and reliability, those servers should not be exposing their DNS services to the Internet.

If our port analysis reveals that your system's port 53 is open and listening for incoming traffic, you should determine what's going on. Even though only a few Trojan programs are known to open port 53, the exact behavior of malicious software is a constantly moving target . . . which is why periodic security checkups here are always worthwhile.

If you are curious to learn more about the operation of the Internet's DNS system, the following links and documents tell the whole story:


Domain Names - Concepts and Facilities:



Domain Names - Implementation and Specification:



DNS Related RFCs:


Trojan Sightings: ADM worm, Lion

The entire contents of this page is copyright © 2008 by Gibson Research Corporation.

Jump to top of page
Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2020 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.
Jump to top of page