We have an application for network traffic monitoring and are trying to figure out what traffic should be allowed or blocked. One of the entries is desktops talking to other desktops on the network via port 5355 and it is mapped to Dnscache service.
Should this traffic be allowed between workstations on the same network and what would happen if we blocked it?
The port is used by Link-Local Multicast Name Resolution protocol within the Dnscache Service. This is a necessary service so that the PC's can resolve each other's names on a subnet when there is no DNS server or when the DNS server is not providing Name Resolution. Based on the article below this is used only when all other attempts to resolve names fail, it would be a bad idea to block it on your network.
Here is a reference link to the subject: https://www.microsoftpressstore.com/articles/article.aspx?p=2217263&seqNum=8
I know this was posted 5 year's ago, but I was looking for an answer to this as well, because ESET blocks this automatically. For years I paid no attention to it kept it blocked, and it seems unblocking this is not necessary, also it can stay blocked with out interfering with network traffic at all. If you are a network manager then this should be unblocked as if you are trying to monitor packets of all devices from your device, so you can see exactly as DNS is intended for to see what websites are making communication to other devices, and IP's establishing communication from peoples activities on devices (DNS communications). In security aspect it is a bad idea to unblock it, for packet sniffing network monitoring it's ok, but it would be an issue if a malicious user gets on your network, and I don't advise having this open on public Wi-Fi because of threat actors everything should be locked up for security and privacy on public wifi as you DNS sink hole every bad IP website to 0.0.0.0.
