Does the Windows "Browser" service need access to DNS (port 53)?
If so, in what cases?
By "Windows", I'm referring to Windows 7-10.
asked Apr 22, 2020 at 15:12
Add a comment
|
1 Answer
Possibly yes.
In a LAN with multiple subnets and/or Active Directory integration DNS is needed.
In a single subnet LAN without AD DNS is, as far as I know, not used by the Browser service at all.
-
While it's true that AD needs DNS, I'm sure all of it occurs outside the Browser service... Commented Apr 22, 2020 at 16:00
-
1@user1686 We had some serious issues with blocking DNS for the Browser service in the past (Severely locked down environment for a ministry of defense contract at one of our sites.) Didn't have WINS running either, just AD en DNS. We found in that case Browser can use DNS on its own, without going through the normal resolver process. That was using Win7 and Win8.1. Gave us a serious WTF moment. I never did find out what it tried to lookup in DNS due to time-constraints. We just had to let it use DNS. (DNS was considered safe to open, so that was acceptable to the customer.)– TonnyCommented Apr 22, 2020 at 17:27