On May 14, 2009, at 8:37 PM, Mark Andrews wrote:
[TLB:] I can think of an argument they might make: that it is/could be used by bots as a fallback. However, redirecting DNS/UDP fits the model of "providing a better service for the average user"; blocking/redirecting TCP is more likely to break things a savvy user needs.
There is still no sane reason to block TCP. If they are intercepting DNS/UDP then they need to also intercept DNS/TCP as they will break all sites that cause "tc=1" to be set in the DNS/UDP reply.
First, since when does it require a "sane" reason to do something?

Second, and more importantly, John is right. Sprint is a for-profit business. If blocking UDP - or TCP or HTTP or whatever - makes them more money than not blocking it, they will do it. And rightly so.

Of course, it is entirely possible management figured out blocking "DNS" was more profitable because the cost savings in lower call center volume more than offset the 4 people who dropped Sprint because of the block. So they told engineers to 'block DNS' and the engineers did that without knowing that blocking TCP port 53 was not more profitable, and perhaps was less profitable. Miscommunications abound between Engineering and Management. This should surprise few, and hopefully no one on NANOG.

Assuming something like that happened, will a post to NANOG fix it? I don't know. Certainly has a non-zero chance.

But trying to get Sprint, or any provider, to change because _you_ think what they are doing is not sane is, well, not sane.

"Never appeal to a man's 'better nature,' he may not have one. Invoking his self-interest gives you more leverage."

--
TTFN,
patrick
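The "tc=1" behaviour raised in the quoted text above, as an added example that is not part of the original thread: a stub resolver's UDP-then-TCP fallback, run against constructed stand-ins for the network path. The transport functions, the name `big.example` and the flag values are assumptions made for the illustration; no real traffic is sent.

```python
import struct

TC_BIT = 0x0200  # truncation flag in the DNS header flags word (RFC 1035, 4.1.1)

def build_query(qname, qid=0x1234, qtype=16):
    """Build a minimal DNS query (QTYPE 16 = TXT, class IN, RD set)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def is_truncated(msg):
    """True when the message header carries tc=1."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    return bool(struct.unpack("!H", msg[2:4])[0] & TC_BIT)

def resolve(query, udp_send, tcp_send):
    """Ask over UDP; retry the same query over TCP when the reply has tc=1.
    Returns (transport_used, response)."""
    reply = udp_send(query)
    if not is_truncated(reply):
        return "udp", reply
    return "tcp", tcp_send(query)

# --- constructed transports standing in for the provider's network path ---
def _response(query, flags, ancount):
    # Echo the query ID and question section behind a response header.
    return query[:2] + struct.pack("!HHHHH", flags, 1, ancount, 0, 0) + query[12:]

def udp_small(query):       # answer fits in one UDP datagram
    return _response(query, 0x8180, 1)

def udp_truncated(query):   # answer too large for UDP: tc=1, no records
    return _response(query, 0x8180 | TC_BIT, 0)

def tcp_ok(query):          # TCP/53 reachable, or intercepted alongside UDP
    return _response(query, 0x8180, 20)

def tcp_blocked(query):     # TCP/53 dropped on the path
    raise ConnectionError("TCP/53 blocked")

def outcome(udp_send, tcp_send):
    """Which transport produced the final answer, or 'failed'."""
    try:
        return resolve(build_query("big.example"), udp_send, tcp_send)[0]
    except ConnectionError:
        return "failed"
```

Small answers never notice a TCP/53 block, which is why the breakage only shows up for names whose responses exceed the UDP limit.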