Hello,
I have encountered an issue with two routers showing UDP port 53 (DNS) open on their outside interfaces and I cannot determine why.
Devices and Software Versions:
Symptoms:
When I scan the outside interface IPs from an external IP, UDP port 53 appears open and I can even send DNS queries that get responses.
When I scan the same interface IPs from an internal IP, UDP port 53 appears closed.
There is no configuration on the routers referencing DNS services or port 53.
The command show ip sockets does not list any process bound to port 53.
I have disabled DNS lookup using no ip domain-lookup.
I also tried applying Control Plane Policing (CoPP) to block UDP/53 traffic, but the restriction had no effect; the port remains open externally.
What I have tried:
Verified running-config for any DNS-related features (none found).
Checked NAT rules (nothing referencing UDP/53).
Confirmed no DNS server or forwarding configuration.
Applied control-plane protection; still open externally.
It seems like the routers are responding to DNS requests even though no DNS service is configured or visible.
Has anyone seen similar behavior on IOS XE 16.09.x or have any insight into what could be causing UDP/53 to appear open externally? Could this be related to a system-level process or bug in this software train?
Any guidance or suggestions would be greatly appreciated.
Thanks in advance.
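To reproduce the external check described in the post in a controlled way (and to tell a router that merely answers on UDP/53 apart from one that actually resolves names, which is the open-resolver exposure that matters), here is an added Python example. It is not from the original post or from Cisco; the interface address, query name and timeout are placeholders, and the response bytes in the self-check are constructed. It builds a minimal DNS A query, sends it once to UDP/53, and classifies the reply by its header flags and RCODE.

```python
import socket
import struct
import sys

TXN_ID = 0x1234  # fixed transaction id so a reply can be matched to our query

def build_query(name: str, txn_id: int = TXN_ID) -> bytes:
    """Build a standard DNS query (RD set, one question, type A, class IN)."""
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    question = qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question

def parse_response(data: bytes, expected_id: int = TXN_ID) -> dict:
    """Decode the 12-byte DNS header of a reply into the fields we care about."""
    if len(data) < 12:
        raise ValueError("datagram shorter than a DNS header")
    txn_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    return {
        "id_matches": txn_id == expected_id,
        "is_response": bool(flags & 0x8000),  # QR bit
        "rcode": flags & 0x000F,              # 0 = NOERROR, 3 = NXDOMAIN, 5 = REFUSED
        "answers": an,
    }

def classify(result) -> str:
    """Turn a parsed reply (or None for no reply) into a one-line verdict."""
    if result is None:
        return "no reply: port filtered or closed"
    if not result["id_matches"] or not result["is_response"]:
        return "reply received but it is not a DNS response to our query"
    if result["rcode"] == 0 and result["answers"] > 0:
        return "resolving: interface is acting as a DNS resolver for outside clients"
    if result["rcode"] == 5:
        return "listening but REFUSED: a DNS service answers, recursion is denied"
    return f"listening: DNS service answers with RCODE {result['rcode']}"

def probe(ip: str, name: str = "example.com", timeout: float = 2.0):
    """Send one query to ip:53/udp; return parsed header, or None on timeout/ICMP unreachable."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (ip, 53))
            data, _ = sock.recvfrom(512)
        except (socket.timeout, OSError):  # OSError covers ICMP port-unreachable
            return None
    return parse_response(data)

if __name__ == "__main__":
    # usage: python probe53.py <outside-interface-ip> [name]   (placeholder values)
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    qname = sys.argv[2] if len(sys.argv) > 2 else "example.com"
    print(classify(probe(target, qname)))
```

Run it once from an external vantage point and once from inside; the two verdicts should match the asymmetry described above. A "resolving" verdict is the case worth escalating, since it means the interface will answer arbitrary outside clients, not just return a refusal.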