www.heroesonline.com unresolvable via local unbound instance?
Paul Wouters
paul at nohats.ca
Fri May 3 13:08:58 UTC 2019
I agree with Joe. ISPs that want all DNS traffic simply route all port 53 traffic to their own nameserver. Which only now end users are getting protection from with DoT and DoH.
Sent from mobile device
> On May 3, 2019, at 07:37, Joe Abley via Unbound-users <unbound-users at nlnetlabs.nl> wrote:
>
> Hi Tom,
>
> On May 2, 2019, at 23:24, Tom Samplonius via Unbound-users
> <unbound-users at nlnetlabs.nl> wrote:
>
>> It is fairly common for ISPs to block all udp port 53 across their network, and only permit udp port 53 to their own DNS servers. That is only two ACL rules, so it is very simple to implement. I would say that in general, port 53 blocking is something that happens less and less.
>
> That would spell "support apocalypse" in any residential ISP I've ever
> used, and a shortcut to "we can't make payroll" via "all the customers
> have gone". I have never seen it outside hotel/retail guest networks.
>
> Do you have any measurements to support "fairly common"? If that's
> right and my experience is atypical it's the kind of thing I'd like to
> understand.
>
>
> Joe