Bind: Standard Ports And Non Standard Ports

Ted Mittelstaedt tedm at ipinc.net
Fri Feb 11 17:13:50 UTC 2022


I have Comcast Business with 2 name servers behind it and 50 or so 
domain names hosted on them.  No problems at all.  Never heard of
Security Edge.

We could have a discussion on your setup and compare notes but your
problems have nothing to do with port 53 filtering in the Comcast
network, IMHO.

Ted

On 2/11/2022 7:20 AM, Tim Daneliuk via bind-users wrote:
> 
> After some months of poking around, we are now certain that our so-called
> "Business" service from Comcast is compromising our DNS servers because of
> their execrable "Security Edge" garbage.  (They are willing to remove this
> 'service' only if we are willing to incur a higher monthly recurring fee.)
> 
> Our master is in the wild and works fine, but the slave is behind the
> compromised Comcast pipe.  The effect of having Security Edge in place is
> that the slave cannot get updates from the master and is also unable to
> resolve anything outside our own zone.  Comcast is apparently hijacking all
> port 53 requests and doing unspeakable things with them.
> 
> Is there a way to have these servers work as usual, listening to resolution
> requests on port 53, but have the slave update AND forward requests to the
> master over a non-standard port, so as to work around the Comcast madness?
> 
> TIA,
> Tim
> 
> P.S. My guess is that this so-called "security" service is no such thing,
>       or at least it's not the only thing.  They are probably harvesting DNS
>       lookups to sell as marketing data, or at least that would be my first
>       guess.
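
The arrangement asked about in the quoted message, sketched as BIND 9 named.conf fragments. This is an added example, not configuration from either poster; the addresses (192.0.2.1 for the master, 198.51.100.2 for the slave), port 5353, the zone name example.com and the file paths are placeholders.

```conf
// ---- master (192.0.2.1, placeholder) ----
options {
    // Keep answering the public on 53, and add a second listener
    // that the slave will use instead.
    listen-on port 53   { any; };
    listen-on port 5353 { any; };

    // The slave forwards its recursive lookups here, so the master
    // must be willing to recurse for it (and only for it).
    allow-recursion { 198.51.100.2; };
};

zone "example.com" {
    type master;
    file "master/example.com.db";
    // Restrict transfers to the slave; a TSIG key is the stronger
    // control if the slave's source address can change.
    allow-transfer { 198.51.100.2; };
};

// ---- slave (198.51.100.2, placeholder) ----
options {
    // Clients still query the slave on the standard port.
    listen-on port 53 { any; };

    // Everything outside the local zones goes to the master on 5353
    // and never leaves this host as port 53 traffic.
    recursion yes;
    forward only;
    forwarders port 5353 { 192.0.2.1; };
};

zone "example.com" {
    type slave;
    file "slave/example.com.db";
    // Zone transfers are requested from the master on port 5353.
    masters port 5353 { 192.0.2.1; };
};
```

NOTIFY messages from the master are still sent to the slave's port 53, so if those are dropped in transit the slave picks up changes only at the zone's SOA refresh interval.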

