Bind: Standard Ports And Non Standard Ports
Tim Daneliuk
tundra at tundraware.com
Fri Feb 11 15:20:28 UTC 2022
After some months of poking around, we are now certain that our so-called "Business"
service from Comcast is compromising our DNS servers because of their
execrable "Security Edge" garbage. (They are willing to remove this 'service'
only if we are willing to incur a higher monthly recurring fee.)
Our master is in the wild and works fine, but the slave is behind the compromised
Comcast pipe. The effect of having Security Edge in place is that the
slave cannot get updates from the master and is also unable to resolve
anything outside our own zone. Comcast is apparently hijacking all port
53 requests and doing unspeakable things with them.
Is there a way to have these servers work as usual, listening to resolution
request on port 53, but have the slave update AND forward requests to the
master over a non-standard port, so as to work around the Comcast madness?
TIA,
Tim
P.S. My guess is that this so-call "security" service is no such thing, or at
least its not the only thing. They are probably harvesting DNS lookups
to sell as marketing data, or at least that would be my first guess.
More information about the bind-users
mailing list