[dns-operations] udp/49153
Sam Norris
Sam at ChangeIP.com
Tue Dec 2 00:00:38 UTC 2008
> On Mon, 1 Dec 2008, Sam Norris wrote:
>
>> Just taking a quick poll about dns queries coming in on udp/49153. Does
>> anyone know what resolver is using this port, and why ?
>
> Hi Sam,
>
> I assume you're saying that 49153 is the destination port for what
> appears to be DNS messages hitting your authoritative nameservers,
> right?
>
> If so, can you show us how it looks in tcpdump (or wireshark?)
>
> DW
These are requests coming _to_ destination port 49153, not source ports.
This is why they stuck out, they are querying the wrong port for DNS. I
will put together some packet captures to share shortly. My guess is a
broken NAT or proxy device somewhere. I was trying to determine the user
agent so we could look into it more.
Sam
More information about the dns-operations
mailing list