I was playing with nmap on my local network and I was wondering why all of my other devices have port 53/tcp open (router, 2 Raspberry Pis and an Android phone). Only my main machine (source of the nmap scan) did not show any open ports.
As far as I can tell, when I was poking around in my RPi with ss I was not able to find anything that was using port 53.
Is this normal? Is there another way to find out why port 53 is considered open?
The command was sudo nmap -sT '192.168.0.0/24'
Example:
Nmap scan report for pio (*redacted_ip*)
Host is up (0.045s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
MAC Address: *redacted_mac* (Raspberry Pi Foundation)
OK, but I do not have any DNS server running as far as I can find. ss doesn’t show it and systemctl list-units | grep -i dns doesn’t show anything either.
I can’t see how that is connected. The port is open for incoming connections.
I get DNS from my ISP; I do not need DNS active on my device to access the net. My main machine does not have this port open and the net works just fine.
Besides, the only installed package with dns in it on the RPi is
pie:~ >>> aptitude search '~i dns'
i libdns-export1104 - Exported DNS Shared Library
Status: active
Logging: on (low)
Default: reject (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
22/tcp ALLOW IN *redacted_ip*/24 # ssh
42553/tcp ALLOW IN *redacted_ip*/24 # MyJdownloader
5201 ALLOW IN *redacted_ip*/24 # iperf3 - network speed test
3306 ALLOW IN *redacted_ip*/24 # mariadb
Mystery solved.
I totally forgot that some years ago I was messing with my router's NAT settings and it was redirecting all DNS requests to the correct DNS server, so that machines on my network would not call DNS servers like 8.8.8.8. For example, a call to 192.168.0.5:53 (which has no port open) would end up at 192.168.0.1:53, which does have port 53 open.
Disabling this feature shows correct results from nmap.
Why am I doing things like this to myself?
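The mismatch that gave the game away here (nmap sees 53/tcp open, ss on the host shows nothing listening) can be checked mechanically. The following is an added example, not code from the original post: it parses nmap's normal output and `ss -ltn` output (both samples are constructed to match the situation above; the IP, MAC and hostname are placeholders) and reports ports that a remote scan sees as open but the host itself is not listening on, which points at something in the path, such as a router DNAT rule, answering on the host's behalf.

```python
import re

# Constructed sample: nmap -sT normal output for one host (same format as the scan above).
NMAP_OUTPUT = """\
Nmap scan report for pio (192.168.0.5)
Host is up (0.045s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
53/tcp open  domain
MAC Address: AA:BB:CC:DD:EE:FF (Raspberry Pi Foundation)
"""

# Constructed sample: `ss -ltn` run on that same host (only sshd is listening).
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
"""


def nmap_open_tcp_ports(text):
    """Ports nmap reports as open/tcp in its normal (non-grepable) output."""
    return {int(m.group(1)) for m in re.finditer(r"^(\d+)/tcp\s+open\b", text, re.M)}


def ss_listening_tcp_ports(text):
    """Ports with a LISTEN socket in `ss -ltn` output (taken from the Local Address:Port column)."""
    ports = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":
            # rsplit on the last ':' so IPv6 forms like [::]:22 are handled too
            ports.add(int(fields[3].rsplit(":", 1)[1]))
    return ports


def intercepted_ports(nmap_text, ss_text):
    """Ports open to a remote scanner but not listening on the host itself.
    A non-empty result means something between scanner and host (e.g. a router
    DNAT/redirect rule, as in this case) is accepting the connection instead."""
    return nmap_open_tcp_ports(nmap_text) - ss_listening_tcp_ports(ss_text)


if __name__ == "__main__":
    for port in sorted(intercepted_ports(NMAP_OUTPUT, SS_OUTPUT)):
        print(f"{port}/tcp: open to the scanner but not listening locally; check upstream NAT/redirect rules")
```

Run the real `nmap` and `ss` output through the same two functions to confirm a suspect port before hunting for a non-existent local service.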