benjojo.co.uk

benjojo posted 09 May 2025 16:35 +0000

Today's fun debug adventure, on one of the bgp.tools remote IX collector boxes in Iraq, all DNS packets appear to be ACL'd now. See the difference in mtr's for port 53 vs 54

Not too much of a problem, as just flipping the switch on systemd-resolved to use DNS Over TLS "fixed" the problem. I guess systemd-resolved is good for something then!

Outputs of mtr side by side, the side using UDP port 54 is getting deeper into the network

benjojo replied 09 May 2025 16:36 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/222C9643d4LLh6xR5t

Unsure why DNS is now bad, maybe it's exam time in Iraq again or something. Given Iraq/Iran/etc have used nationwide DNS blocking as a way to reduce cheating on exams

m@lgbtqia.space replied 09 May 2025 16:49 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/c24g8hPJ91yvgqJWy3

@benjojo

Lmao this is like replacing all water ways with agent orange because of wheat in an singular flower pot.

fs111@mastodon.xyz replied 09 May 2025 17:47 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/c24g8hPJ91yvgqJWy3

@benjojo WTF? Are you joking?

jamesog@mastodon.soc.. replied 09 May 2025 16:54 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/222C9643d4LLh6xR5t

@benjojo How dare you, systemd-resolved is good for nothing!