26 Feb 2016, 12:42 p.m.
Once upon a time, Brielle Bruns <bruns@2mbit.com> said:
> UDP is a fun protocol - stateless, so blocking a DST of 53/UDP to the customer also will block responses to recursive queries that originate from SRC 53/UDP. Connection tracking sorta makes it stateful to a point, but it can get ugly with enough traffic.
Sending queries from port 53 has been considered bad behavior and deprecated for what, 15 years now?

--
Chris Adams <cma@cmadams.net>