nanog mailing list archives
Re: Thank you, Comcast.
From: Mark Andrews <marka () isc org>
Date: Fri, 26 Feb 2016 17:27:07 +1100
In message <alpine.DEB.2.02.1602260718460.11524 () uplift swm pp se>, Mikael Abrah amsson writes:
On Thu, 25 Feb 2016, Jared Mauch wrote:Make sure you permit TCP/53 for DNS queries so if TC=1 lookups work.Speaking of which, historically ISPs have been blocking TCP/135, TCP/445 and a few others towards customers (at least that's what I know). TCP/25 seems to be blocked as well. Why isn't UDP/53 blocked towards customers? I know historically there were resolvers that used UDP/53 as source port for queries, but is this the case nowadays? I know providers that have blocked UDP/53 towards customers as a countermeasure to the amplification attacks. As far as I heard, there were no customer complaints.
Because complaining is like talking to a brick wall most of the time. People work around the ISP idiocy by shifting ports, its easier than trying to get through help desk hell.
-- Mikael Abrahamsson email: swmike () swm pp se
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org
Current thread:
- Thank you, Comcast. Mike Hammett (Feb 25)
- Re: Thank you, Comcast. Paras Jha (Feb 25)
- Re: Thank you, Comcast. Roland Dobbins (Feb 25)
- Re: Thank you, Comcast. Jared Mauch (Feb 25)
- Re: Thank you, Comcast. Mikael Abrahamsson (Feb 25)
- Re: Thank you, Comcast. Mark Andrews (Feb 25)
- Re: Thank you, Comcast. Mikeal Clark (Feb 25)
- Re: Thank you, Comcast. Mike Hammett (Feb 26)
- Re: Thank you, Comcast. Nick Hilliard (Feb 26)
- Re: Thank you, Comcast. Mike Hammett (Feb 26)
- Re: Thank you, Comcast. Dovid Bender (Feb 26)
- Re: Thank you, Comcast. Mike Hammett (Feb 26)
- Re: Thank you, Comcast. Livingood, Jason (Feb 26)
- Re: Thank you, Comcast. Brielle Bruns (Feb 26)
- Re: Thank you, Comcast. Mike Hammett (Feb 26)
- Re: Thank you, Comcast. Roland Dobbins (Feb 26)
- Re: Thank you, Comcast. Paras Jha (Feb 25)