I’m trying to mangle dns traffic in order to give it priority in the queue tree. However, clients occasionally connect to their vpn using udp port 53 which is getting marked too.
Aside from using the protocol, port, and packet size what are some other ways that dns traffic can be isolated from other traffic?
Redirect DNS traffic to a local (caching) DNS server. This has a number of benefits:
- security: no “mitm” dns spoofing attacks
- improved dns responsiveness as responding from local cache
That will also solve the problem of queue prioritisation.
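One way to put that answer into RouterOS terms (an added example, not the replier's own configuration): force client port 53 traffic onto the router's own resolver with a dstnat redirect, then mark only the connections that actually terminate at that resolver, so a VPN that happens to use UDP/53 to an outside host is neither redirected nor marked. The LAN subnet 192.168.88.0/24, the queue-tree parent "global", and the VPN server address in the address list are assumptions; replace the placeholder address with the real VPN endpoint so the redirect does not break that tunnel.

```routeros
# enable the router's caching resolver for LAN clients (example settings)
/ip dns set allow-remote-requests=yes cache-size=4096KiB

# known VPN servers that clients reach on UDP/53: exclude them from the redirect
# 198.51.100.10 is a documentation-range placeholder, not a real endpoint
/ip firewall address-list add list=vpn-endpoints address=198.51.100.10 comment="placeholder VPN server"

# send every other port-53 request from the LAN to the router's own resolver
/ip firewall nat add chain=dstnat src-address=192.168.88.0/24 dst-address-list=!vpn-endpoints \
    protocol=udp dst-port=53 action=redirect to-ports=53 comment="LAN DNS -> local cache"
/ip firewall nat add chain=dstnat src-address=192.168.88.0/24 dst-address-list=!vpn-endpoints \
    protocol=tcp dst-port=53 action=redirect to-ports=53 comment="LAN DNS (TCP) -> local cache"

# mark only connections that arrive at the router's resolver (chain=input runs after dstnat),
# so UDP/53 flows that were excluded above and routed onward are never marked
/ip firewall mangle add chain=input src-address=192.168.88.0/24 protocol=udp dst-port=53 \
    action=mark-connection new-connection-mark=dns-conn passthrough=yes
/ip firewall mangle add chain=input src-address=192.168.88.0/24 protocol=tcp dst-port=53 \
    action=mark-connection new-connection-mark=dns-conn passthrough=yes

# packet-mark the resolver's replies (output) and any further packets of a marked flow
/ip firewall mangle add chain=output connection-mark=dns-conn \
    action=mark-packet new-packet-mark=dns passthrough=no
/ip firewall mangle add chain=prerouting connection-mark=dns-conn \
    action=mark-packet new-packet-mark=dns passthrough=no

# queue tree entry that gets priority over other LAN traffic (parent assumed to be "global")
/queue tree add name=dns parent=global packet-mark=dns priority=1 limit-at=512k max-limit=2M
```

Because the connection mark is set in chain=input, the very first request packet of a flow reaches prerouting before the mark exists and is not packet-marked; the reply and all later packets of that flow are. Check with `/ip firewall connection print where connection-mark=dns-conn` that only flows whose destination is the router itself carry the mark, and with `/ip firewall nat print stats` that the VPN flows are not being counted by the redirect rules.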