TCP 53
Synopsis
- Port 53/TCP is used by the Domain Name System (DNS) for TCP-based queries and, notably, for zone transfers (AXFR/IXFR).
- BIND (named) listens on TCP 53 for large DNS responses and zone transfers in production deployments.
- Microsoft DNS Server on Windows Server (including AD-integrated DNS) uses TCP 53 for zone transfers and fallback when responses require TCP.
- Unbound and PowerDNS (Authoritative Server and Recursor) accept and make DNS-over-TCP connections on port 53.
- NSD and Knot DNS authoritative servers use TCP 53 for AXFR/IXFR and for handling TCP client queries.
- Managed DNS platforms like Cloudflare (1.1.1.1), Google Public DNS (8.8.8.8), Quad9, Akamai Fast DNS, and Infoblox appliances serve DNS on TCP 53 in production.
- F5 BIG-IP DNS (GTM) and Cisco Umbrella resolvers also handle DNS traffic over TCP 53.
- Associated risk: attackers often test TCP 53 for misconfigured zone transfers (data leakage) and may tunnel command-and-control or data exfiltration over DNS on TCP 53 to evade egress filters.
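
A defender-side check for the zone-transfer risk noted above, added here as an example and not taken from any DNS product: it parses one length-prefixed DNS-over-TCP frame (as captured by a sensor) and flags AXFR/IXFR questions from sources outside an allowlist of secondaries. The function names, the allowlist and the sample addresses are assumptions, and the sample frame is constructed.

```python
import struct

XFER_QTYPES = {251: "IXFR", 252: "AXFR"}  # QTYPE values from RFC 1995 / RFC 1035

def parse_tcp_dns_question(frame: bytes):
    """Return (qname, qtype) for the first question in one DNS-over-TCP frame."""
    if len(frame) < 2:
        raise ValueError("missing 2-byte length prefix")
    (msg_len,) = struct.unpack("!H", frame[:2])  # TCP framing, RFC 1035 4.2.2
    msg = frame[2:2 + msg_len]
    if msg_len < 12 or len(msg) != msg_len:
        raise ValueError("truncated DNS message")
    if struct.unpack("!H", msg[4:6])[0] < 1:  # QDCOUNT
        raise ValueError("no question section")
    labels, pos = [], 12  # question starts after the 12-byte header
    while True:
        if pos >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0 or pos + n > len(msg):
            raise ValueError("unexpected label encoding in question")
        labels.append(msg[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels) + ".", qtype

def flag_transfer(frame, src_ip, allowed_secondaries):
    """Return an alert string for AXFR/IXFR from a non-allowlisted source, else None."""
    qname, qtype = parse_tcp_dns_question(frame)
    kind = XFER_QTYPES.get(qtype)
    if kind and src_ip not in allowed_secondaries:
        return f"{kind} request for {qname} from unauthorized {src_ip}"
    return None

def build_frame(qname, qtype):
    """Constructed sample input: a minimal query frame, used for offline testing."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.rstrip(".").split("."))
    msg = struct.pack("!HHHHHH", 0x1234, 0, 1, 0, 0, 0) + name + b"\x00" + struct.pack("!HH", qtype, 1)
    return struct.pack("!H", len(msg)) + msg

if __name__ == "__main__":
    secondaries = {"192.0.2.53"}  # constructed allowlist (documentation range)
    print(flag_transfer(build_frame("example.com.", 252), "203.0.113.9", secondaries))
```
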