So when i discover that port 53 is open on some device, what does that mean? Does it indicate that the device is a DNS resolver (meaning it's able to make DNS queries to different nameservers in order to return a certain record), or does it indicate that the device is a nameserver, as in it holds DNS records? I'm kind of confused since i understand how DNS works, and i understand the components of it, running dig google.com for example makes sense in the sense that i'd be analyzing the queries my DNS resolver made in order to get to google.com which i assume would give me more attack vectors since now i might attack the nameserver responsible for google.com (correct me if i'm wrong). But running dig on a machine that has port 53 open in a CTF scenario for example, what does that mean? And how else am i supposed to enumerate that port? I've seen that i can check for the version.bind record which i still don't really understand how it fits in the picture of having port 53 open.