I never had to guess till now. I just entered the info in the /etc files, made an ipf rulebase and everything worked fine.
Spectrum upgrading hardware does not help. Too many changes...

On Sat, Jul 3, 2021 at 9:31 AM Brett Lymn <bl...@internode.on.net> wrote:
>
> On Fri, Jul 02, 2021 at 11:12:31PM -0400, Jason Mitchell wrote:
> >
> > I think you would only need to allow inbound connections to tcp port 53 if
> > you were running a nameserver on your machine. You would want to make sure
> > that you allow outbound connections on tcp port 53 from your nameserver in
> > any case. Are you using your own nameserver or are you using another machine
> > for name resolution?
> >
>
> No you think incorrectly. It doesn't matter if you are running a name server
> or not, if you block tcp/53 going out then you break DNS, it appears to work
> but fails on some domains. I did say this:
>
> > > > > 2) are you sure your rules are correct? A particularly favourite
> > > > > hobby-horse of mine is people blocking DNS over tcp/53 due to the
> > > > > totally WRONG belief that only dns zone transfers use tcp/53. This is
> > > > > WRONG (did I say wrong?) - if a DNS response won't fit into a UDP packet
> > > > > then the DNS server will reply to the client telling it to try over tcp.
> > > > > If your firewall doesn't allow that to happen there may be delays in
> > > > > name resolution which could cause the appearance that gmail is slow.
>
> I suggest that a bit of research into DNS would save you guessing.
>
> > If the nameserver isn't on your computer then: "nc -w 4 -v <nameserver ip>
> > 53" will let you know if you can connect to that server on port 53. (-v =
> > verbose, -w 4 = 4 second timeout so you don't wait forever). If there's a
> > network problem the connection will timeout or you'll get an error. Here are
> > examples:
> >
>
> Yes, this would be good to try.
>
> >
> > And I use mail.google.com somewhat often and it goes to the same place as
> > gmail.com.
> >
>
> It didn't when I last looked, they must have relented on that sometime.
>
> --
> Brett Lymn
> --
> Sent from my NetBSD device.
>
> "We are were wolves",
> "You mean werewolves?",
> "No we were wolves, now we are something else entirely",
> "Oh"
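
The TCP fallback described in the quoted reply above, as an added example that is not part of the thread: it reads the TC (truncated) bit from a UDP reply and shows why a stub resolver behind a firewall that drops outbound tcp/53 gets stuck only on large answers. The function names are hypothetical and both sample replies are constructed.

```python
import struct

QR_FLAG = 0x8000  # message is a response
TC_FLAG = 0x0200  # answer was truncated to fit the UDP payload (RFC 1035)

def build_query(name, qtype=1, txid=0x1234):
    """Minimal DNS query with RD set; qtype 1 is an A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def needs_tcp_retry(response, txid):
    """True when a UDP reply for txid carries the TC bit."""
    if len(response) < 12:
        raise ValueError("shorter than a DNS header")
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != txid or not flags & QR_FLAG:
        raise ValueError("not a response to this query")
    return bool(flags & TC_FLAG)

def frame_for_tcp(message):
    """DNS over TCP sends each message behind a 2-byte length prefix."""
    return struct.pack("!H", len(message)) + message

def resolve_plan(query, udp_response, tcp_out_allowed):
    """What the resolver can do next, given the firewall's tcp/53 policy."""
    txid = struct.unpack("!H", query[:2])[0]
    if not needs_tcp_retry(udp_response, txid):
        return "answered over udp/53"
    if tcp_out_allowed:
        return "retry over tcp/53"
    return "stuck: truncated reply and tcp/53 is blocked"

def sample_reply(query, flags):
    """Constructed reply: the query bytes with the flags word replaced."""
    return query[:2] + struct.pack("!H", flags) + query[4:]

if __name__ == "__main__":
    q = build_query("gmail.com")
    small = sample_reply(q, 0x8180)      # QR, RD, RA: fits in UDP
    truncated = sample_reply(q, 0x8380)  # same, plus TC
    for reply in (small, truncated):
        for allowed in (True, False):
            print(allowed, resolve_plan(q, reply, allowed))
```

Small answers succeed under either firewall policy, which matches the "appears to work but fails on some domains" symptom in the quoted reply.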