DigitalOcean

Report this

What is the reason for this report?
Question

port 53 open from system-resolve

Posted on May 30, 2024
Droplets
paul

By paul

I ran an “nmap -sUV -F” on my droplet, from the outside, and it returned the following:

   Port    state        service       version
  53/udp   open         domain       dnsmasq 2.90

Im running Debian 12. My firewall is solid. I first thought may be my outgoing rules to connect to the digitalocean dns servers was causing it. I removed the rules that allow for dns lookups and even tested it with an apt update and it failed like it should. So I did a “netstat -tulnp | grep 53” and got the following results:

udp 0 0 127.0.0.54:53 0.0.0.0:* 401/systemd-resolve

udp 0 0 127.0.0.53:53 0.0.0.0:* 401/systemd-resolve

udp 0 0 0.0.0.0:5355 0.0.0.0:* 401/systemd-resolve

My research indicates that the culprit is 127.0.0.53:53 through systemd-resolve process. But how is the outside world getting a response from a loopback address since the all addresses setting 0 0.0.0.0:5355 is port 5355 an not port 53 ? I don’t want to start messing with dnsmasq or editing the /etc/systemd/resolved.conf. Does any one know the answer?



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
paul
paul
May 30, 2024

Add my own comment to my question: I should have check to see if I had dnsmasq 2.90 installed on my droplet. I do not. Even if I did debian 12 dnsmasq is 2.89. So I don’t think it is my droplet. But the question still stands then what is causing the nmap -sU result?

0
alexdo
alexdo
May 31, 2024

Hello, @paulsquid

You can run ss -tuln | grep :53 to see if any services are explicitly bound to all interfaces or the public interface.

Also confirm if dnsmasq is running and on which interfaces:

ps aux | grep dnsmasq

You might also want to check the configuration of dnsmasq to see which interfaces it’s bound to.

Given that systemd-resolved is configured to bind to the loopback address, it should not be exposed externally. The appearance of dnsmasq in the Nmap scan suggests that dnsmasq might be running and bound to an external interface.

Regards

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.