Comment by mlhpdx
21 hours ago
I put my DNS service on a non-standard port. I’m the only one using it so standards be damned. Windows doesn’t allow setting a nonstandard port for DNS, but pretty-much everything else does.
Do ISPs do deep packet inspection to get lookup data? Maybe, but it increases the cost of doing so and makes the business aspect of it less viable. Perhaps a minor win.
Yes, ISPs absolutely do deep packet inspection.
With cleartext DNS, your queries may never reach your chosen server. Plenty of ISPs are configured to just answer any DNS query, regardless of its destination. Using a nonstandard port might help, but you’d be much better off deploying one of the DoH / DoT / DoQ / etc secure protocols.