Paul Wouters wrote:
I have been hearing more reports of people in the last two weeks that DNS queries originating from port 53 are getting blocked. slashdot.org was one of those domains that started failing when your recursing name server is configured to use a query port of 53.
We've seen several DDOS attacks directed towards our nameservers that used source port 53. Likewise, we have temporarily blocked queries that used source port 53 to buy us time while enacting better DDOS mitigations. With the prevalence of source port randomization, it wouldn't surprise me if some people started permanently blocking source port 53. I'm not saying I agree with that practice, but I can definitely imagine it happening.
-- Jason _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs