Systemd-resolve opening up random ports

With lsof -i -P -n I get the following ports, and I do not understand whether it is systemd behavior or a trojan. Can anyone explain?
systemd-r 402 systemd-resolve 22u IPv4 22294 0t0 UDP 192.168.96.79:20833->192.168.96.93:53
systemd-r 402 systemd-resolve 24u IPv4 22295 0t0 UDP 192.168.96.79:3150->192.168.96.93:53
systemd-r 402 systemd-resolve 25u IPv4 22296 0t0 UDP 192.168.96.79:45922->192.168.96.93:53
systemd-r 402 systemd-resolve 26u IPv4 22297 0t0 UDP 192.168.96.79:13102->192.168.96.93:53

Seems to be normal recursive DNS resolution. Notice the random high source port to port 53 over UDP. It seems innocuous unless you don’t want names to be resolved.

That is reassuring to hear. On the other hand, I’ve literally been dealing with spyware all my life, so I’m not someone who understands “normal behavior”. Is it possible to give me a few keywords to google or pass me a source? Not that I’m doubtful of the information you provide, but I rather prefer to know exactly how something works by research.

Check the DNS RFC here: https://www.ietf.org/rfc/rfc1035.txt. You can also run netstat -uanp to see which process is sending the DNS requests (lsof will tell you too). You can attach a debugger to the process and find out why the DNS request was sent (ptrace -p or similar). Last, but not least, if you feel paranoid enough, you could check the source code for the software originating these requests.

The beauty of open source is that you get to decide how deep into the rabbit hole you want to dive.

I hope this helps.

godsent, thanks a lot
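Added example, not written by anyone in this thread: a small triage script that reads lsof -i -P -n output and separates outbound DNS queries to a known resolver (the pattern in the question) from listeners, DNS sent to an unexpected resolver, and non-DNS flows. The function names, the two extra sample lines and the resolver set passed in by the caller are assumptions made for illustration.

```python
from collections import Counter

# The four lsof lines from the question, plus two constructed lines
# (resolved's stub listener and a non-DNS flow) to show the other verdicts.
SAMPLE = """\
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd-r 402 systemd-resolve 22u IPv4 22294 0t0 UDP 192.168.96.79:20833->192.168.96.93:53
systemd-r 402 systemd-resolve 24u IPv4 22295 0t0 UDP 192.168.96.79:3150->192.168.96.93:53
systemd-r 402 systemd-resolve 25u IPv4 22296 0t0 UDP 192.168.96.79:45922->192.168.96.93:53
systemd-r 402 systemd-resolve 26u IPv4 22297 0t0 UDP 192.168.96.79:13102->192.168.96.93:53
systemd-r 402 systemd-resolve 13u IPv4 20110 0t0 UDP 127.0.0.53:53
examplepr 977 nobody 5u IPv4 30412 0t0 TCP 192.168.96.79:51514->203.0.113.7:8443 (ESTABLISHED)
"""

def split_endpoint(endpoint):
    """Split 'host:port' (also '[v6]:port') into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def classify(line, resolvers):
    """Return a dict describing one lsof socket line, or None for other lines."""
    fields = line.split()
    if len(fields) < 9 or fields[7] not in ("UDP", "TCP"):
        return None                      # header or non-socket line
    name = fields[8]                     # e.g. local:port->remote:port
    if "->" not in name:
        verdict, remote = "listening", None
    else:
        remote = name.split("->", 1)[1]
        host, port = split_endpoint(remote)
        if port != "53":
            verdict = "other"
        elif host in resolvers:
            verdict = "dns-query"        # ephemeral source port -> resolver:53
        else:
            verdict = "dns-unexpected-resolver"
    return {"cmd": fields[0], "pid": int(fields[1]), "proto": fields[7],
            "remote": remote, "verdict": verdict}

def triage(text, resolvers):
    """Count sockets per (command, pid, verdict)."""
    rows = (classify(line, resolvers) for line in text.splitlines())
    return Counter((r["cmd"], r["pid"], r["verdict"]) for r in rows if r)

if __name__ == "__main__":
    # Assumption: the caller supplies the resolvers this host is configured
    # to use (for example, as listed in /etc/resolv.conf).
    for key, count in triage(SAMPLE, {"192.168.96.93"}).items():
        print(count, *key)
```

Anything reported as dns-unexpected-resolver or other is what deserves a closer look; the four sockets from the question all land in dns-query.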