Port 53 is usually used for DNS, but that is most probably not the case with you. DNS requests are done in UDP/53; TCP/53 is only used for DNS zone transfers. I doubt that this high number of zone transfers is legitimate traffic. It looks more likely to be traffic tunneled over DNS.
Judge on the destination address as well - is this an ISP or a single dial-up host?
I would recommend blocking this from the thin information you gave us.
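
An added example, not part of the original reply, for the triage discussed above: it counts TCP/53 sessions per source and destination and lists the pairs whose destination is not an expected DNS server. The record layout, addresses, threshold and `KNOWN_DNS_SERVERS` are assumptions constructed for illustration, not a FortiGate log format.

```python
from collections import defaultdict

# Assumption: DNS servers that internal hosts are expected to talk to.
KNOWN_DNS_SERVERS = {"192.0.2.53"}

# Constructed session records: src dst proto dport bytes_sent
SAMPLE_SESSIONS = """\
10.0.0.15 203.0.113.77 tcp 53 48211
10.0.0.15 203.0.113.77 tcp 53 51902
10.0.0.15 203.0.113.77 tcp 53 47730
10.0.0.15 203.0.113.77 tcp 53 50114
10.0.0.15 192.0.2.53 udp 53 74
10.0.0.22 192.0.2.53 udp 53 68
10.0.0.22 192.0.2.53 tcp 53 1420
10.0.0.15 198.51.100.9 tcp 443 9000
"""


def tcp53_suspects(text, known=KNOWN_DNS_SERVERS, min_sessions=3):
    """Return (src, dst, sessions, bytes_sent) for repeated TCP/53 to unknown hosts."""
    stats = defaultdict(lambda: [0, 0])  # (src, dst) -> [sessions, bytes]
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        src, dst, proto, dport, sent = parts
        if proto.lower() != "tcp" or dport != "53" or not sent.isdigit():
            continue  # only TCP sessions to port 53 are of interest
        if dst in known:
            continue  # expected DNS server, not a candidate
        stats[(src, dst)][0] += 1
        stats[(src, dst)][1] += int(sent)
    hits = [(s, d, n, b) for (s, d), (n, b) in stats.items() if n >= min_sessions]
    # Busiest pairs first, so the destination can be looked up and judged.
    return sorted(hits, key=lambda h: h[2], reverse=True)


if __name__ == "__main__":
    for src, dst, n, total in tcp53_suspects(SAMPLE_SESSIONS):
        print(f"{src} -> {dst}: {n} TCP/53 sessions, {total} bytes sent")
```
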