Hi Michael,
Also 636 is only for ONTAP to AD-LDAP connections and for DNS it will always connect to port 53( UDP and if needed TCP).
When CIFS server is created on the SVM . Domain Controller Discovery (DC Discovery) is an automatic procedure triggered by ONTAP every 4 hours.
It is explained in the KB below and is the reason why you see connections happening between ONTAP SVM and DNS every 4 hour interval.
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/What_is_Domain_Controller_Discovery
With "Use LDAPS for AD LDAP connection" set to TRUE , ONTAP will only use port 636 for AD-LDAP connections.
https://docs.netapp.com/us-en/ontap/nfs-admin/ldaps-concept.html#terminology
Could you please check if the 389 LDAP connections are happening via the same SVM LIF of the SVM which has LDAPS for AD LDAP connection set to TRUE or the connections are initiated using a different different SVM LIF?