Bind: Standard Ports And Non Standard Ports
Ted Mittelstaedt
tedm at ipinc.net
Fri Feb 11 17:13:50 UTC 2022
I have Comcast Business with 2 name servers behind it and 50 or so
domain names hosted on them. No problems at all. Never heard of
Security Edge.
We could have a discussion on your setup and compare notes but your
problems have nothing to do with port 53 filtering in the Comcast
network, IMHO.
Ted
On 2/11/2022 7:20 AM, Tim Daneliuk via bind-users wrote:
>
> After some months of poking around, we are now certain that our
> so-called "Business"
> service from Comcast is compromising our DNS servers because of their
> execrable "Security Edge" garbage. (They are willing to remove this
> 'service'
> only if we are willing to incur a higher monthly recurring fee.)
>
> Our master is in the wild and works fine, but the slave is behind the
> compromised
> Comcast pipe. The effect of having Security Edge in place is that the
> slave cannot get updates from the master and is also unable to resolve
> anything outside our own zone. Comcast is apparently hijacking all port
> 53 requests and doing unspeakable things with them.
>
> Is there a way to have these servers work as usual, listening to resolution
> request on port 53, but have the slave update AND forward requests to the
> master over a non-standard port, so as to work around the Comcast madness?
>
> TIA,
> Tim
>
> P.S. My guess is that this so-call "security" service is no such thing,
> or at
> least its not the only thing. They are probably harvesting DNS
> lookups
> to sell as marketing data, or at least that would be my first guess.
More information about the bind-users
mailing list