On Mon, 1 Apr 2013, Valdis.Kletnieks at vt.edu wrote: > You're sending queries, not replies. That's why DPI is needed to do the > blocking, rather than just by port. What queries are sourced from port 53 nowadays? I'd imagine it's pretty safe to block Internet->customer UDP/53 packets. -- Mikael Abrahamsson email: swmike at swm.pp.se