I agree with Joe. ISPs that want all DNS traffic simply route all port 53 
traffic to their own nameserver. Which only now end users are getting 
protection from with DoT and DoH.

Sent from mobile device

> On May 3, 2019, at 07:37, Joe Abley via Unbound-users 
> <[email protected]> wrote:
> 
> Hi Tom,
> 
> On May 2, 2019, at 23:24, Tom Samplonius via Unbound-users
> <[email protected]> wrote:
> 
>>  It is fairly common for ISPs to block all udp port 53 across their network, 
>> and only permit udp port 53 to their own DNS servers.  That is only two ACL 
>> rules, so it is very simple to implement.  I would say that in general, port 
>> 53 blocking is something that happens less and less.
> 
> That would spell "support apocalypse" in any residential ISP I've ever
> used, and a shortcut to "we can't make payroll" via "all the customers
> have gone". I have never seen it outside hotel/retail guest networks.
> 
> Do you have any measurements to support "fairly common"? If that's
> right and my experience is atypical it's the kind of thing I'd like to
> understand.
> 
> 
> Joe
