Ondřej Caletka ondrej at caletka.cz
Fri Jul 17 07:43:58 UTC 2020

On 16.7. 2020 23:33, Neo Web via Unbound-users wrote:
> I have seen a few different ISP's block unbound from working.
> How do you think they do it.
> I had a US ISP this morning, block it from on their network nationwide.
> It looks like DNSSEC traffic was blocked...what do you think happened?
From my experience, some ISPs either apply some udp/53 firewall which
intercept messages it does not understand. I've also seen an ISP who
DNATed all udp/53 to with an explanation that: “our customers
often misconfigure their DNS addresses and then complain that internet
is not working for them.”

Anyway, forwarding to a trusted DoH upstream should solve the issue.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20200717/b52ee8ec/attachment.bin>

More information about the Unbound-users mailing list