> but port 53 wasn't blocked, so a commercial VPN resulted in unlimited internet
The VPN would have to accept a connection over 53 though, right? This also seems like a great way to possibly bypass VPN blocking via DPI, which I've been hit with before on airlines when going over 443.
Yeah, but it doesn't cost much to accept connections on all ports (AIM did it in the 90s).
DPI should be able to easily detect and block non-DNS traffic on port 53, as well as IP over DNS. Just a matter of configuration effort; but lots of networks lack configuration effort, so it's worth a try.
5190 continued well into the 2000s.
5190 was the default port, but if it wasn't open, any other port would work. You could have the client do a scan to try ports until one worked.
It'd be fascinating to get an at-scale timeline of ports blocked from common client connection points.
I assume it's drifted over time, but couldn't guess which ways / why. (Other than converging on blocking all non-443)