@gertjan said in DNS Resolver doesn't work with my university domain.:
I would like to understand what the reason for the ISP is to block this port 123.
While I agree it's low bandwidth, it is also a common amplification tool, via for one that old monlist command, but I'm pretty sure that was disabled many versions ago to prevent that attack vector.
But maybe they are just playing it safe, because it's not like users keep their stuff updated all the time. Look at here, where they are still running like 2.3 versions of pfSense.
They could do it a different way to allow for source 123 to be answered, with, yeah, a stateful firewall. So if one of their users asks some NTP server with source port 123, that is allowed, but nonstateful traffic inbound to 123 would be denied. While sure, UDP is not really a stateful protocol, most firewalls do keep track of the state.
But that would be more work for them, so they most likely just go the easy route, and don't monitor the state of the users' traffic and just block all inbound to their network on 123.
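
The stateful approach described in the post above, next to the blanket block on inbound port 123, as an added example that is not part of the original post. The class and function names, the 30-second timeout and the documentation-range addresses are all assumptions made for the simulation.

```python
from dataclasses import dataclass

UDP_TIMEOUT = 30  # seconds; assumed idle timeout, real firewalls make this tunable

@dataclass(frozen=True)
class Packet:
    ts: float       # arrival time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool  # True = leaving the customer network

class StatefulFilter:
    def __init__(self, timeout=UDP_TIMEOUT):
        self.timeout = timeout
        self.states = {}  # (inside ip, inside port, outside ip, outside port) -> last seen

    def allow(self, p):
        if p.outbound:  # an outbound query creates or refreshes the pseudo-state
            self.states[(p.src, p.sport, p.dst, p.dport)] = p.ts
            return True
        key = (p.dst, p.dport, p.src, p.sport)  # inbound must mirror a known flow
        last = self.states.get(key)
        if last is None or p.ts - last > self.timeout:
            self.states.pop(key, None)  # expired or never existed: drop
            return False
        self.states[key] = p.ts
        return True

def stateless_block_123(p):
    """The 'easy route': drop anything inbound to port 123, pass the rest."""
    return p.outbound or p.dport != 123

# Constructed sample traffic (documentation address ranges)
CLIENT, SERVER, STRANGER = "198.51.100.10", "192.0.2.123", "203.0.113.66"
TRAFFIC = [
    Packet(0.0, CLIENT, 123, SERVER, 123, True),     # user queries NTP from source port 123
    Packet(0.1, SERVER, 123, CLIENT, 123, False),    # the server's answer
    Packet(5.0, STRANGER, 123, CLIENT, 123, False),  # unsolicited inbound, no state
    Packet(90.0, SERVER, 123, CLIENT, 123, False),   # arrives after the state expired
]

def run(traffic):
    fw = StatefulFilter()
    return [(fw.allow(p), stateless_block_123(p)) for p in traffic]

if __name__ == "__main__":
    for p, (stateful, stateless) in zip(TRAFFIC, run(TRAFFIC)):
        print(f"t={p.ts:>5} {p.src}:{p.sport} -> {p.dst}:{p.dport} stateful={stateful} stateless={stateless}")
```

The second packet is the difference between the two: the state table lets the NTP answer back in, while the blanket rule drops it along with the unsolicited traffic.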