TCP 853
Synopsis
- TCP port 853 is used by DNS over TLS (DoT), the encrypted DNS protocol defined in RFC 7858.
- Public resolvers accepting DoT on 853 include Cloudflare (1.1.1.1), Google Public DNS (8.8.8.8), Quad9 (9.9.9.9), NextDNS, and AdGuard DNS.
- Recursive DNS software that can listen on 853 for DoT includes Unbound, BIND 9.18+ (named), and Knot Resolver.
- Stub resolvers/clients that initiate DoT on 853 include Stubby (getdns) and Android 9+ “Private DNS” mode.
- Network platforms such as pfSense, OPNsense, and OpenWrt can forward DNS to upstream DoT resolvers on 853 using Unbound or Stubby.
- Pi-hole deployments commonly pair with Unbound or Stubby to forward queries over 853 to DoT-capable providers.
- Attackers sometimes misuse DoT on 853 to evade DNS inspection by encrypting malicious domain lookups, hindering network-based detection.