On Fri, Feb 11, 2022 at 10:21 AM Tim Daneliuk via bind-users < bind-users@lists.isc.org> wrote:
> > After some months of poking around, we are now certain that our so-called > "Business" > service from Comcast is compromising our DNS servers because of their > execrable "Security Edge" garbage. (They are willing to remove this > 'service' > only if we are willing to incur a higher monthly recurring fee.) > > According to "the Internet" (aka, some random reddit thread), there is a way to disable this: https://www.reddit.com/r/networking/comments/fl0ujm/xfinity_secureedge_for_business_transparently/ It did not *look* like this required changing service / a higher fee, but ... W > Our master is in the wild and works fine, but the slave is behind the > compromised > Comcast pipe. The effect of having Security Edge in place is that the > slave cannot get updates from the master and is also unable to resolve > anything outside our own zone. Comcast is apparently hijacking all port > 53 requests and doing unspeakable things with them. > > Is there a way to have these servers work as usual, listening to resolution > request on port 53, but have the slave update AND forward requests to the > master over a non-standard port, so as to work around the Comcast madness? > > TIA, > Tim > > P.S. My guess is that this so-call "security" service is no such thing, or > at > least its not the only thing. They are probably harvesting DNS > lookups > to sell as marketing data, or at least that would be my first guess. > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- The computing scientist’s main challenge is not to get confused by the complexities of his own making. -- E. W. Dijkstra
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
