> On May 2, 2019, at 4:34 AM, Todd Blake <[email protected]> wrote: > > Tom, This doesn't explain the behavior of the other two though. To test, I > ran dig's from my workplace. I get the REFUSED as you do to ns21.kpmedia.org > <http://ns21.kpmedia.org/> from work and home, but from my workplace, dig's > to the other two work just fine. a dig from home times out. See below. I'm > wondering if they're just not answering queries from known cable internet > user space...
It is fairly common for ISPs to block all udp port 53 across their network, and only permit udp port 53 to their own DNS servers. That is only two ACL rules, so it is very simple to implement. I would say that in general, port 53 blocking is something that happens less and less. Ask your ISP for their list of blocked ports. Nearly all residential ISPs have a list of block ports. It might even be published in their support portal. You are totally off about the DNS servers not “… answering queries from known cable internet user space.” I’ve never heard of that. It is also would terribly difficult to implement. Nor can I imagine what benefit it would provide. Tom
