Ronny beat me to the most succinct, albeit utterly unedifying, reply; I operate on the principle of "why use merely 25 words when 100x that many would do as well?"
DNS is domain name service and is necessary for IP address resolution of URLs.
I can only vouch for v5…1135 (my understanding of v1142 w/ 'secure DNS' is non-existent). So, I'm utterly unclear what this UDP protocol (DNS) is doing on the highest port you mention. However, that being said, allow me to be so bold as to provide some edification concerning this issue; what follows is because you mention tools not commonly known with respect to network troubleshooting by the unedified. Once you have had the subnetting epiphany, you'll mercilessly (and ceaselessly) kick yourself for being so stupid as not to have seen what's so plainly obvious that an infant can grasp it.
Your initial question was wide-ranging and contained a lot of 'in-the-know' content (so bear with my bloviating response).
DNS is resolved via UDP protocol to authoritative DNS servers on port 53. Your ISP has at least two DNS servers that are authoritative for it. There are other DNS servers that can be utilized instead, e.g., OpenDNS. CIS offers its own DNS servers also.
For a home LAN, there will be a modem that interfaces with a gateway, i.e., router. The primary gateway, i.e., router, is often configured to act as primary DNS server for the LAN. The IP address of the modem is assigned by the IP leasing schema of the ISP. The only thing the modem sees is the IP address of the gateway / router; this is typically 192.168.0.1; this can be configured to be any valid IP address available.
Now, the gateway / router can be configured to act as either DHCP server or primary DNS server (or both roles). As DHCP server, the router assigns IP addresses to each node on the entire subnet for which it has been specified as primary DHCP server. This is specified in the TCP/IP configuration of each NIC for every node on a subnet. I say 'node' because 'host' implies that the host is sharing resources; I digress. It is worthwhile to understand the concepts of 'broadcast' and 'network' subnet address.
The concept of a broadcast address is purely dependent on the subnet. The definition of broadcast address is “all ones” in the host field. Without knowing the subnet mask, we can’t know whether something is all ones or not.
The default command in today's IOSs (and for several years now) is to ALLOW subnet zero (and the all-ones subnet as well). So yes, assume they are there unless told otherwise; BTW, IGRP is the classful routing protocol, not EIGRP. EIGRP will auto-summarize to classful boundaries, but it itself is classless. That probably means gibberish to those not having had the subnetting 'epiphany'.
What it boils down to is that for subnet x.y.z.?, the mask 255.255.255.0 stipulates that x.y.z.255 is the broadcast IP address for the subnet x.y.z.? and the network address is x.y.z.0; all nodes will respond appropriately to broadcast traffic via traffic addressed to the network address for the subnet.
IF the node's TCP/IP configuration properties are 'obtain IP address & DNS server address automatically', then this information comes from the gateway / router (whether gateway / router, modem (default gateway), or ISP provided).
It's my opinion that unless so implemented by network admins - having expert reasons to do so - gateway / routers shouldn't be burdened with DNS requests. If one knows the primary & secondary DNS server addresses, each node's DNS fields should be stipulated in the TCP/IP properties for one's ISP. Bear in mind that, due to timeout issues, a third DNS server - proprietary to one's ISP - may come into play. IF your ISP primary & secondary DNS servers are timing out, I believe that you need to allow an ICMP timeout protocol message IN from the ISP (or sumpin). That is most especially true IF you're a security freak, use CIS (because: see previous few words), and you know ICMP to be pure evil.
Default MS config does not allow for config of that though. This’ll only become evident if you watch your logs closely.
Long & short of this way TOO long screed (very sorry for that - NOT): you need to open up DNS into and out of your system. If you've got your security ratcheted up to grimace proportions (good job), then you need to know what's going on. Which DNS-service-providing servers should you allow YOUR subnet LAN access to?
Dunno, but one thing certain: I’m going to bet all of your lives collectively that if you see incoming DNS (UDP on port 53) you are positively hacked (or your IPS is).
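As an added example (my code, not from the post above nor from the CIS product it mentions), the block below does two things the post reasons through in words: it computes the network and broadcast addresses from an IP and a dotted-decimal mask for any mask, not only the 255.255.255.0 case walked through above, and it triages a few constructed firewall-log lines in a hypothetical format, separating outbound queries to the resolvers you configured, the replies that come back from source port 53, and unsolicited inbound packets aimed at port 53 on a LAN node. The LAN range 192.168.0.0/24, the resolver addresses in ALLOWED_RESOLVERS (documentation addresses plus the public OpenDNS one), the log line format and the sample log are all assumptions made for the example.

```python
"""Added example (not from the post): subnet bounds for any mask, plus
direction-based triage of DNS traffic seen in a home-LAN firewall log."""
import ipaddress
import re
from typing import List, Tuple

# --- Part 1: network and broadcast addresses ----------------------------------

def subnet_bounds(ip: str, mask: str) -> Tuple[str, str]:
    """Return (network, broadcast) for a node at `ip` behind dotted-decimal `mask`.

    network   = host field all zeros -> ip AND mask
    broadcast = host field all ones  -> network OR (NOT mask)
    The same two operations cover /24 (255.255.255.0) and every other mask.
    """
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    network = ip_int & mask_int
    broadcast = network | (~mask_int & 0xFFFFFFFF)
    return (str(ipaddress.IPv4Address(network)),
            str(ipaddress.IPv4Address(broadcast)))


# --- Part 2: triage DNS traffic by direction ----------------------------------

# Assumption: the LAN is 192.168.0.0/24 and each node's TCP/IP properties name
# the ISP's primary/secondary resolvers (documentation addresses here) with
# OpenDNS as a fallback. Put your real resolvers here.
LAN = ipaddress.IPv4Network("192.168.0.0/24")
ALLOWED_RESOLVERS = {"198.51.100.1", "198.51.100.2", "208.67.222.222"}

# Hypothetical firewall log format, constructed for this example:
#   <IN|OUT> <UDP|TCP> <src ip>:<src port> -> <dst ip>:<dst port>
LOG_RE = re.compile(
    r"^(IN|OUT)\s+(UDP|TCP)\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+->\s+(\d+\.\d+\.\d+\.\d+):(\d+)$")

def triage(line: str) -> str:
    """Classify one log line; only port-53 traffic is of interest here."""
    m = LOG_RE.match(line.strip())
    if not m:
        return "unparsed"
    direction, _proto, src, sport, dst, dport = m.groups()
    sport, dport = int(sport), int(dport)

    if direction == "OUT" and dport == 53:
        # A LAN node asking a resolver: expected, as long as it is one we chose.
        if dst in ALLOWED_RESOLVERS:
            return "ok: query to configured resolver"
        return "warn: query to unlisted resolver " + dst

    if direction == "IN" and dport == 53 and ipaddress.IPv4Address(dst) in LAN:
        # Something outside is *querying* a LAN node on port 53. Nothing on a
        # home LAN should be serving DNS to the Internet; this is the case
        # the post warns about.
        return "ALERT: unsolicited inbound DNS to " + dst

    if direction == "IN" and sport == 53 and src in ALLOWED_RESOLVERS and dport >= 1024:
        # The answer to a query a node sent: source port 53, destination the
        # high port the node used. A stateful firewall matches this itself.
        return "ok: reply from configured resolver"

    return "other"


# Constructed sample log, not captured from a real system.
SAMPLE_LOG = [
    "OUT UDP 192.168.0.23:51234 -> 198.51.100.1:53",
    "IN  UDP 198.51.100.1:53 -> 192.168.0.23:51234",
    "OUT UDP 192.168.0.23:51235 -> 203.0.113.9:53",
    "IN  UDP 203.0.113.7:41000 -> 192.168.0.23:53",
    "OUT TCP 192.168.0.23:51236 -> 203.0.113.50:443",
]

def triage_all(lines: List[str]) -> List[str]:
    return [triage(line) for line in lines]


if __name__ == "__main__":
    print(subnet_bounds("192.168.0.23", "255.255.255.0"))
    for line, verdict in zip(SAMPLE_LOG, triage_all(SAMPLE_LOG)):
        print(f"{line:50s} {verdict}")
```

The distinction the triage draws is the one worth watching for in the logs: a reply arriving from source port 53 to the high port a node used is the normal tail of an outbound query, whereas a packet arriving with destination port 53 on a LAN node means something outside is treating that node as a DNS server.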