DNS and Network Infrastructure Ports: DNS (53), NTP (123), DHCP (67/68)

Network Infrastructure Ports

These ports are used by the fundamental services that make networks function.

Port 53 — DNS (Domain Name System)

DNS is one of the most critical internet services, translating domain names to IP addresses.

• UDP 53: Standard DNS queries (most common)
• TCP 53: Large DNS responses, zone transfers, DNS over TCP

Modern DNS security:

• DNS over HTTPS (DoH): Uses port 443
• DNS over TLS (DoT): Uses port 853
• DNSSEC: Signed responses on standard port 53

Ports 67/68 — DHCP

DHCP automatically assigns IP addresses to devices on a network:

• Port 67 (UDP): DHCP server listens
• Port 68 (UDP): DHCP client listens

Port 123 — NTP (Network Time Protocol)

NTP synchronizes clocks across a network. Accurate time is essential for:

• TLS certificate validation
• Kerberos authentication (max 5-minute skew)
• Log correlation in security monitoring
• Distributed database consistency

Port 179 — BGP (Border Gateway Protocol)

BGP is the protocol that routes traffic between autonomous systems (ISPs, data centers). It uses TCP port 179 and is critical to internet routing.

Port 514 — Syslog

Syslog collects log messages from network devices:

• UDP 514: Traditional syslog (unencrypted)
• TCP 6514: Syslog over TLS (RFC 5425)

Port 520 — RIP (Routing Information Protocol)

RIP is a simple dynamic routing protocol for small networks. UDP port 520 is used for route updates between routers.

SNMP Ports (161/162)

SNMP monitors and manages network devices:

• UDP 161: SNMP queries from management station
• UDP 162: SNMP traps (notifications from devices)