I have Comcast Business with 2 name servers behind it and 50 or so
domain names hosted on them. No problems at all. Never heard of
Security Edge.
We could have a discussion on your setup and compare notes but your
problems have nothing to do with port 53 filtering in the Comcast
network, IMHO.
Ted
On 2/11/2022 7:20 AM, Tim Daneliuk via bind-users wrote:
After some months of poking around, we are now certain that our
so-called "Business"
service from Comcast is compromising our DNS servers because of their
execrable "Security Edge" garbage. (They are willing to remove this
'service'
only if we are willing to incur a higher monthly recurring fee.)
Our master is in the wild and works fine, but the slave is behind the
compromised
Comcast pipe. The effect of having Security Edge in place is that the
slave cannot get updates from the master and is also unable to resolve
anything outside our own zone. Comcast is apparently hijacking all port
53 requests and doing unspeakable things with them.
Is there a way to have these servers work as usual, listening to resolution
request on port 53, but have the slave update AND forward requests to the
master over a non-standard port, so as to work around the Comcast madness?
TIA,
Tim
P.S. My guess is that this so-call "security" service is no such thing,
or at
least its not the only thing. They are probably harvesting DNS
lookups
to sell as marketing data, or at least that would be my first guess.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
