ISPs blocking port 53? (was Re: Annoying dynamic DNS updates)

How should an ISP tell the difference between "good" DNS packets and "bad"
DNS packets?

the bad ones are the ones people complain about.

You aren't complaining about your dynamic update packets or even all
dynamic updates. You are complaining about someone sending you packets
you don't want. And more precisely, you are complaining that Comcast is
failing to send you other packets you want to receive, i.e. a response to
your e-mail packets.

yup. where "packets i do not want" could as easily be ddos ("zwil") or spam.

I've been thinking how to use ICMP to signal different types of
responses; and even how "smart" edges on both ends of a communication
could establish and enforce policies. Most of these are non-malicious
communications involving misconfigured systems. Edge communications
avoids problems with the host system, but has problems with multi-path
communications and source validation.

the whole end-to-end argument depends on uniform clue distribution for scale.

The current method of complaining to an ISP doesn't scale very well
either. As you observed in your previous message, supporting 10,000
or ten million customers has many poor scaling properties. Especially
if you have to fix issues on a case-by-case basis.

Getting vendors to supply more appropriate defaults offers better
scaling possibilities. Your complaint might fix one user's computer,
Microsoft updating the default behavior would fix tens of millions
of users' computers. Which scales better?

If software didn't do dumb things by default, we wouldn't have to fix the
software one customer at a time. If BIND, ISC DHCP and Windows shipped by
default with "safe" settings, and did a better job of telling the person
who can fix the problem that there is a problem, would there be fewer

How can a Windows system have a fatal error every hour for days and
months, and the user not be aware of it until someone else calls them?

If Dynamic DNS Update is so critical that Microsoft feels the need to
enable it by default, why doesn't Microsoft pop an error dialog window
on the user's machine every time it fails? Then the user could decide
to fix the problem, or stop doing it. If the user doesn't know there
is a problem, why should he fix it?