Totally agree. It's silly that my home lab has to cost me 5x the normal rate if I want to use some of the standard ports but that is normal now.
On Fri, Feb 26, 2016 at 12:27 AM, Mark Andrews <ma...@isc.org> wrote: > > In message <alpine.deb.2.02.1602260718460.11...@uplift.swm.pp.se>, Mikael > Abrah > amsson writes: >> On Thu, 25 Feb 2016, Jared Mauch wrote: >> >> > Make sure you permit TCP/53 for DNS queries so if TC=1 lookups work. >> >> Speaking of which, historically ISPs have been blocking TCP/135, TCP/445 >> and a few others towards customers (at least that's what I know). TCP/25 >> seems to be blocked as well. >> >> Why isn't UDP/53 blocked towards customers? I know historically there were >> resolvers that used UDP/53 as source port for queries, but is this the >> case nowadays? >> >> I know providers that have blocked UDP/53 towards customers as a >> countermeasure to the amplification attacks. As far as I heard, there were >> no customer complaints. > > Because complaining is like talking to a brick wall most of the > time. People work around the ISP idiocy by shifting ports, its > easier than trying to get through help desk hell. > >> -- >> Mikael Abrahamsson email: swm...@swm.pp.se > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
