Bind: Standard Ports And Non Standard Ports
Warren Kumari
warren at kumari.net
Fri Feb 11 17:23:04 UTC 2022
On Fri, Feb 11, 2022 at 10:21 AM Tim Daneliuk via bind-users <
bind-users at lists.isc.org> wrote:
>
> After some months of poking around, we are now certain that our so-called
> "Business"
> service from Comcast is compromising our DNS servers because of their
> execrable "Security Edge" garbage. (They are willing to remove this
> 'service'
> only if we are willing to incur a higher monthly recurring fee.)
>
>
According to "the Internet" (aka, some random reddit thread), there is a
way to disable this:
https://www.reddit.com/r/networking/comments/fl0ujm/xfinity_secureedge_for_business_transparently/
It did not *look* like this required changing service / a higher fee, but
...
W
> Our master is in the wild and works fine, but the slave is behind the
> compromised
> Comcast pipe. The effect of having Security Edge in place is that the
> slave cannot get updates from the master and is also unable to resolve
> anything outside our own zone. Comcast is apparently hijacking all port
> 53 requests and doing unspeakable things with them.
>
> Is there a way to have these servers work as usual, listening to resolution
> request on port 53, but have the slave update AND forward requests to the
> master over a non-standard port, so as to work around the Comcast madness?
>
> TIA,
> Tim
>
> P.S. My guess is that this so-call "security" service is no such thing, or
> at
> least its not the only thing. They are probably harvesting DNS
> lookups
> to sell as marketing data, or at least that would be my first guess.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
--
The computing scientist’s main challenge is not to get confused by the
complexities of his own making.
-- E. W. Dijkstra
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20220211/3a12c5e5/attachment.htm>
More information about the bind-users
mailing list