Centos – systemd version 219 from CentOS 7 listening on random UDP port

centos, systemd, systemd-resolved

Why does systemd-resolved from systemd version 219 listen on one random UDP port?

One of my machines listens on port 58557 (CentOS 7 with systemd version 219).

sudo netstat -tunlp|grep -P '^Active|^Proto|systemd'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address  Foreign Address  State  PID/Program name
udp        0      0 0.0.0.0:58557  0.0.0.0:*               372/systemd-resolve

Another machine listens on port 52010 (also CentOS 7 with systemd version 219).

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address  Foreign Address  State  PID/Program name
udp      768      0 0.0.0.0:52010  0.0.0.0:*               398/systemd-resolve

Once I reboot the machines, systemd-resolved listens on another UDP port.

I have a third machine, which runs Fedora 27 with systemd version 234. Here, systemd does not open a random UDP port.

As a side note, I have disabled LLMNR, both in /etc/systemd/network/20-eth0.network and /etc/systemd/network/20-eth0.network, so this can't be it. Also, LLMNR would open port 5355.

$ grep LLMNR /etc/systemd/resolved.conf
LLMNR=no
$ grep LLMNR /etc/systemd/network/20-eth0.network
LLMNR=no

Best Answer

As I mentioned in a comment to the question, I ran systemd-resolved in strace, while watch[ing] netstat -tunlp. I noticed that the port is only opened once I make the first request to resolve a DNS name.

I captured the traffic using tcpdump -i eth0 -nn -w capture_file, noted down the port I see in netstat and looked at the output using Wireshark. The filter in Wireshark is simple: udp.port eq 37078 (using the previously noted down udp port).

I can confirm that the UDP port that is being opened by systemd-resolved is the port that is used to communicate with the DNS server.
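A small constructed demonstration of that finding (added here, not part of the answer): a stub resolver sends one DNS query from an unbound UDP socket, and the kernel assigns it the ephemeral port on 0.0.0.0 that netstat -tunlp then lists as "listening". The upstream server is a fake responder on 127.0.0.1, so the script runs offline; the name example.com and transaction id 0x1234 are arbitrary sample values.

```python
import socket
import struct
import threading
from typing import Tuple

def build_a_query(name: str, txid: int) -> bytes:
    """Minimal DNS A query with RD set, as a stub resolver sends upstream."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def fake_dns_server(sock: socket.socket) -> None:
    """Constructed stand-in for the upstream DNS server: answers one query,
    keeping the client's transaction id and setting QR/RD/RA in the flags."""
    data, peer = sock.recvfrom(512)
    sock.sendto(data[:2] + b"\x81\x80" + data[4:], peer)

def resolve_once(server_port: int) -> Tuple[str, int, int]:
    """Send one query the way a resolver does and report the socket's local address.
    Returns (local_ip, local_port, reply_txid); local_port is the "random" UDP
    port that shows up in netstat while the resolver waits for the answer."""
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # No explicit bind(): the first sendto() makes the kernel pick 0.0.0.0:<ephemeral>
    client.sendto(build_a_query("example.com", 0x1234), ("127.0.0.1", server_port))
    local_ip, local_port = client.getsockname()
    reply, _ = client.recvfrom(512)
    client.close()  # port disappears again once the socket is closed
    return local_ip, local_port, struct.unpack("!H", reply[:2])[0]

def demo() -> Tuple[str, int, int]:
    """Run the fake upstream server in a thread and perform one lookup against it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    worker = threading.Thread(target=fake_dns_server, args=(srv,), daemon=True)
    worker.start()
    result = resolve_once(srv.getsockname()[1])
    worker.join()
    srv.close()
    return result

if __name__ == "__main__":
    ip, port, txid = demo()
    print(f"query source socket {ip}:{port} (reply txid 0x{txid:04x}); this is what netstat -unlp lists")
```

While the query is in flight, `ss -unap | grep <port>` on the same host shows the socket with the same ephemeral port and, like the Recv-Q value in the question, any replies not yet read.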
