Follow
Our DNS privacy service's resolver hosts do not send ICMP packets in response to closed UDP ports (net.inet.udp.blackhole=1).
This disrupts the SAD DNS cache poisoning attack.
https://www.saddns.net/
Server run by the main developers of the project 
It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!
@applied_privacy It is also mitigated with just DROPing everything by default, isn't it? Using DROP instead of REJECT (or nothing at all) does not generate a destination / port unreachable icmp reply?
cc @infosechandbook