Port 53 seems to be blocked by ISP - is there a way to override this?

3

2

My ISP seems to be blocking Port 53 if it is not connecting to one of its DNS servers. I was able to prove this through nslookup tests. Here are my tests:

C:\Users\admin>nslookup google.com
Server:  UnKnown
Address:  10.198.220.124

Non-authoritative answer:
Name:    google.com
Addresses:  2404:6800:4008:c01::64
          120.28.26.34
          120.28.26.45
          120.28.26.39
          120.28.26.50
          120.28.26.35
          120.28.26.55
          120.28.26.59
          120.28.26.49
          120.28.26.24
          120.28.26.20
          120.28.26.40
          120.28.26.30
          120.28.26.29
          120.28.26.54
          120.28.26.25
          120.28.26.44

C:\Users\admin>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=1974ms TTL=40
Reply from 8.8.8.8: bytes=32 time=1213ms TTL=40
Reply from 8.8.8.8: bytes=32 time=165ms TTL=40
Reply from 8.8.8.8: bytes=32 time=172ms TTL=40

Ping statistics for 8.8.8.8:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 165ms, Maximum = 1974ms, Average = 881ms


C:\Users\admin>nslookup google.com 8.8.8.8
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  8.8.8.8

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out


C:\Users\admin>tracert -d 8.8.8.8

Tracing route to 8.8.8.8 over a maximum of 30 hops

  1     2 ms     2 ms     2 ms  192.168.43.1
  2   132 ms   407 ms   139 ms  10.188.8.118
  3   111 ms   156 ms   127 ms  10.188.8.117
  4   121 ms   136 ms   146 ms  10.163.143.114
  5   129 ms   137 ms   139 ms  10.163.143.164
  6   141 ms   151 ms   155 ms  10.163.143.164
  7   126 ms   137 ms   138 ms  10.163.143.114
  8   129 ms   139 ms   138 ms  10.163.143.124
  9   133 ms   138 ms   138 ms  10.198.182.117
 10   130 ms   137 ms   138 ms  10.198.182.138
 11   233 ms   137 ms   137 ms  10.198.183.6
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17   201 ms   219 ms   179 ms  72.14.223.161
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22   148 ms   157 ms   158 ms  8.8.8.8

Trace complete.

My ISP's DNS servers are slow and intermittent. Is there a way to override this? Is it possible to maybe set a DNS server that runs on a different port? Are public DNS servers like OpenDNS and Google Public DNS running these services on other ports?

rationalboss

Posted 2013-05-25T18:30:22.410

Reputation: 317

Can you show the DNS configuration in TCP/IPv4 of the network adapter, please? – grvpanchal – 2013-05-25T18:37:59.313

2

I think the best solution to this problem is to call your ISP and tell them to unblock it. If they don't, chew them out and switch ISPs. – Tanner Faulkner – 2013-05-25T19:46:00.823

Answers

4

First, let me state that if your ISP is doing this then they're not really providing true Internet connectivity. It is not something appropriate for an ISP to do. They should fix it.

That being said, you can technically use a recursive resolver on a port other than 53, but it is not straightforward. There is no way to configure a nameserver in /etc/resolv.conf using a port other than 53, so you have to use some kind of hack such as DNAT to divert your local DNS queries to a port other than 53. And as for servers, you'll be hard pressed to find one out there that you can use and that listens on a port other than 53. This is partly because there is such bad support for specifying ports other than 53 on the client side that not many server operators find it useful to offer this.

So: you can set up your own recursive resolver somewhere outside of your ISP's network which listens on a port other than 53, and use a hack like DNAT to send your client queries to that server.

Celada

Posted 2013-05-25T18:30:22.410

Reputation: 2 120

OpenDNS inserts ad servers instead of NXDOMAIN, so it can hardly be recommended. There are workarounds though (replace all known ad servers with NXDOMAIN manually in dnsmasq config). – Zdenek – 2019-04-20T19:43:01.480

8

OpenDNS accepts queries on both UDP and TCP 5353. – LawrenceC – 2013-05-25T22:52:13.480

@ultrasawblade You should have posted the comment above as an answer, I would have upvoted it, and many other people too, I bet. – MariusMatutiae – 2014-06-03T08:37:12.410
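As an added diagnostic example (not code from this thread), here is a small Python probe that sends a raw DNS query to a chosen server and port and parses the A records from the reply, so you can tell whether an external resolver is unreachable or only its port 53 is being filtered, which is the situation Celada's answer works around with DNAT and the reason LawrenceC's note about OpenDNS on 5353 matters. It assumes the target accepts plain (unencrypted) DNS over UDP on the given port; server addresses and ports are parameters, not values from the thread.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Standard DNS query with RD set; qtype 1 = A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def skip_name(resp, pos):
    """Advance past a (possibly compressed) domain name starting at resp[pos]."""
    while True:
        length = resp[pos]
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return pos + 2
        if length == 0:             # root label: end of name
            return pos + 1
        pos += length + 1

def parse_a_records(resp):
    """IPv4 addresses in the answer section; [] if RCODE != 0 (e.g. NXDOMAIN)."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if flags & 0x000F:
        return []
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(resp, pos) + 4       # skip qtype + qclass as well
    addrs = []
    for _ in range(ancount):
        pos = skip_name(resp, pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in resp[pos:pos + 4]))
        pos += rdlen
    return addrs

def probe(server, port, name="google.com", timeout=2.0):
    """One UDP query to server:port; None on timeout (the symptom in the question)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, port))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return None
    return parse_a_records(data)
```

Compare probe('8.8.8.8', 53) with a query to the same operator on an alternative port it supports: 208.67.222.222 is one of OpenDNS's resolver addresses (assumed here, not given in the thread), so probe('208.67.222.222', 5353) returning addresses while probe('208.67.222.222', 53) returns None points at port filtering rather than an unreachable server.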

1

You could try using 'DNSCrypt'. This DNS resolver sends encrypted DNS requests. And when DNSCrypt can't do it over port 53, it uses port 443.

Briolet

Posted 2013-05-25T18:30:22.410

Reputation: 11