After some months of poking around, we are now certain that our so-called
"Business"
service from Comcast is compromising our DNS servers because of their
execrable "Security Edge" garbage. (They are willing to remove this 'service'
only if we are willing to incur a higher monthly recurring fee.)
Our master is in the wild and works fine, but the slave is behind the
compromised
Comcast pipe. The effect of having Security Edge in place is that the
slave cannot get updates from the master and is also unable to resolve
anything outside our own zone. Comcast is apparently hijacking all port
53 requests and doing unspeakable things with them.
Is there a way to have these servers work as usual, listening to resolution
request on port 53, but have the slave update AND forward requests to the
master over a non-standard port, so as to work around the Comcast madness?
TIA,
Tim
P.S. My guess is that this so-call "security" service is no such thing, or at
least its not the only thing. They are probably harvesting DNS lookups
to sell as marketing data, or at least that would be my first guess.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
