another brick in the wall[ed garden]

Dear Sprint EVDO people,

Your man-in-the-middle hijacking of UDP/53 DNS queries against
nameservers that I choose to query from my laptop on Sprint EVDO is
not appreciated. Even less appreciated is your complete blocking of
TCP/53 DNS queries.

Queries from my lab:

   rs@click [14] % dig +short @192.148.252.10 version.bind. chaos txt
   "Just send your damn query already..."
   rs@click [15] % dig +tcp +short @192.148.252.10 version.bind. chaos txt
   "Just send your damn query already..."
   rs@click [16] % dig +tcp +short @192.148.252.10 hostname.bind. chaos txt
   "bifrost"
   rs@click [17] %

Queries from my laptop:

   Superfly:~ rs$ dig +short @192.148.252.10 version.bind. chaos txt
   "9.6.0-P1"
   Superfly:~ rs$ dig +tcp +short @192.148.252.10 version.bind. chaos txt
   ;; connection timed out; no servers could be reached
   Superfly:~ rs$ dig +tcp +short @192.148.252.10 hostname.bind. chaos txt
   "ns1-kscymar06.spcsdns.net"
   Superfly:~ rs$

Guys, I send you money each month to deliver packets for me, not to
invent new ways of being annoying (and breaking TSIG signed updates to
dynamic DNS). Less is more. Please stop dinking with 10-minute-idle
TCP sessions (which I complained about a year and a half ago) and
knock it off with offering DNS service that I did not ask for.

Sincerely,

Your Disgruntled Customer, RS

PS: No, I don't expect that this open letter will get you to fix the
misbehavior, but if some Swedish guy comes along swinging a clue-bat
at you guys I hope he whacks you a couple of times for me.

While you're at it, it would be nice if SPRINT also fixed the problems
with ports TCP/25 and TCP/587.

Another disgruntled SPRINT customer,

Owen

Can you be more specific? My TCP/465 and TCP/587 mail submission
works great over Sprint. I'm not even trying to do submission on port
25 (in fact, my mail servers send rude messages if you try AUTH to a
port 25 listener) so I can't speak to that.

-r

Owen DeLong <owen@delong.com> writes:

Owen DeLong wrote:

While you're at it, it would be nice if SPRINT also fixed the problems
with ports TCP/25 and TCP/587.

Never tried 25, but I know 587 is fine through a tethered handset my
(extremely non-technical) significant other uses daily. Shouldn't we all
be using the submission port anyway?

~Seth

Dear Sprint EVDO people,

Your man-in-the-middle hijacking of UDP/53 DNS queries against
nameservers that I choose to query from my laptop on Sprint EVDO is
not appreciated. Even less appreciated is your complete blocking of
TCP/53 DNS queries.

If I were an ISP, and I knew that approximately 99.9% of customer
queries to random name servers was malware doing fake site phishing or
misconfigured PCs that will work OK and avoid a support call if they
answer the DNS query, with 0.1% being old weenies like us, I'd do what
Sprint's doing, too.

If you're aware of a mechanical way for them to tell the difference,
we're all ears.

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.

I agree, running monitoring from my laptop at home at
nights/weekends/vacations/holidays... I need to use most of those ports.
My answer was VNP/tunnel everything.

I use SSH tunnels for all mail, but I have had no problems with
DNS over Sprint EVD0 (the OP's issue).

Regards
Marshall