Port 53 is constantly requested by a large number of IP addresses

[LeonFetter]

The same problem occurs in the server where cPanel / WHM and onlydns are installed,

Port 53 is constantly requested by a large number of IP addresses

Even if I disable the corresponding IP addresses in the CSF, these IP addresses still send requests to my server, resulting in a large consumption of my server bandwidth

After I contact the administrator of the data center to disable some IP addresses, a batch of new IP addresses will appear after a period of time to continuously initiate requests.

I don't understand the purpose of these IP's massive access to my port 53. Is there any vulnerability that can be exploited?

How should this problem be solved?

 

[cPanelAnthony]

Hello! Port 53 is the service port for DNS; this traffic could be related to DNS queries on your host. You should determine where these IP addresses are coming from. Are they from a specific country? Are they bot crawlers?

 

[LeonFetter]

Hello! Port 53 is the service port for DNS; this traffic could be related to DNS queries on your host. You should determine where these IP addresses are coming from. Are they from a specific country? Are they bot crawlers?

My cPanel / WHM does not provide domain name resolution services. I use dnsonly to provide separate domain name resolution services.

After I disable the default DNS server in cPanel / WHM, these packets are still transmitted to my server.

There seems to be no specific country for these IPS. I have queried these IPS. These IPS are not spiders.

 

[ffeingol]

If you don't have DNS services running on the cPanel servers, why is incoming port 53 open?

 

[cPanelAnthony]

@ffeingol thanks for responding! This is a very good point. If you're not utilizing DNS on your server, disabling and closing port 53 might be your best bet.