The 2nd scenario is mine. Upstream manipulated everything on 53 tcp/udp. Even if I query a non-existent DNS server, it returns a result ;)

C:\WINDOWS\system32>nslookup newsroom.fb.com 8.8.8.254
Server:  UnKnown
Address:  8.8.8.254

Non-authoritative answer:
Name:    newsroom.fb.com
Addresses:  1.2.3.4
          1.2.3.4

Note: 1.2.3.4 is not what they really return. I've changed it for privacy. But it is one fixed IP address which is returned whenever manipulation occurs.

Sten Carlsen wrote
> In case 2) something like your solution is needed. The use of port 443
> is an obvious idea, however DNS uses UDP and HTTPS uses TCP. Your ISP
> appears to be paranoid enough to block also port 443 UDP, so that might
> be one issue.

FYI, https://en.wikipedia.org/wiki/QUIC uses UDP 443. Also, I am trying to reduce the queries over 443 in the way I asked about in my first post.

Thanks

--
Sent from: http://bind-users-forum.2342410.n4.nabble.com/