Our DNS privacy service's resolver hosts do not send ICMP packets in response to closed UDP ports (net.inet.udp.blackhole=1).
This disrupts the SAD DNS cache poisoning attack. https://www.saddns.net/
@applied_privacy It is also mitigated with just DROPping everything by default, isn't it? Using DROP instead of REJECT (or nothing at all) does not generate a destination / port unreachable ICMP reply?
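One way to check the behaviour discussed in this thread against a resolver host you operate, added here as an example and not code from either poster: it sends a UDP datagram to a port and reports whether an ICMP port unreachable came back. The function name `probe_udp_port`, the result labels and the IPv4-only socket are assumptions of this example.

```python
import socket
import sys


def probe_udp_port(host, port, timeout=1.0, attempts=3):
    """Classify one UDP port as 'icmp-unreachable', 'reply' or 'silent'.

    'icmp-unreachable' means the host answered a closed port with an ICMP
    port unreachable, the signal that blackholing or a DROP policy suppresses.
    'silent' means nothing came back within the timeout on every attempt.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # A connected UDP socket lets the kernel hand ICMP errors for this
        # destination back to us as ECONNREFUSED on the next send/recv.
        s.connect((host, port))
        for _ in range(attempts):
            try:
                s.send(b"\x00")
                s.recv(512)
                return "reply"
            except ConnectionRefusedError:
                return "icmp-unreachable"
            except socket.timeout:
                continue  # no answer yet; retry in case of ICMP rate limiting
    return "silent"


def audit(host, ports, timeout=1.0):
    """Return {port: classification} for ports expected to be closed."""
    return {p: probe_udp_port(host, p, timeout) for p in ports}


if __name__ == "__main__":
    # Usage: python probe.py <host> <port> [<port> ...]
    target, port_args = sys.argv[1], [int(p) for p in sys.argv[2:]]
    for port, result in audit(target, port_args).items():
        print(f"{target}:{port}/udp -> {result}")
```

With `net.inet.udp.blackhole=1` or a default DROP policy in place, closed ports should come back as `silent`; any `icmp-unreachable` result means the host still signals closed ports.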