Port 953 (RNDC)
High Risk, TCP, DNS
Port Overview
Port Number: 953
Service Name: RNDC
Transport Protocol: TCP
Category: DNS
Security Risk: High
Port Range: Well-Known (0-1023)
What is Port 953?
Port 953 is used by BIND Remote Name Daemon Control (RNDC), which remotely controls the BIND named DNS server daemon. RNDC uses HMAC-SHA256 authentication. Unauthorized access would allow an attacker to flush the cache or halt the DNS service.
Tags: TCP, DNS, Commonly Used
Security Considerations
Port 953 (RNDC) is classified as high risk. This port is a common target for automated scanning and brute-force attacks. If you must expose it, restrict access to known IP addresses.
Recommendation: Use firewall rules to whitelist trusted IPs. Enable rate limiting and intrusion detection.