New Visitor
GenandAlex
Posts: 1
Registered: ‎12-09-2010

Apparent Problem with Comcast default DNS

Using the Comcast default DNS assigned by DHCP (75.75.75.75, 75.75.76.76) I can't resolve anything in the NOAA.GOV or NOAA.COM domains. I changed to the Google DNS on 1 machine (8.8.8.8 and 8.8.4.4) and both domains are easily accessible. Apparently Comcast's DNS cache is fouled and needs repair.

 

If your DNS can't resolve US government domains you have a major problem. Please fix it.

Silver Problem Solver
andyross
Posts: 3,427
Registered: ‎10-17-2003

Re: Apparent Problem with Comcast default DNS

Can you provide a link that doesn't work? I'm using the new DNS, and have no problems. http://www.noaa.gov and http://noaa.gov both work fine. I am in the Chicago area, so maybe it's an issue with only certain servers? With the new Anycast, you never know just where it's going. You could try doing a traceroute/tracert to 75.75.75.75 to see where yours is going.

 

Regular Contributor
Regular Contributor
Posts: 94
Registered: ‎09-13-2005

Re: Apparent Problem with Comcast default DNS

I didn't see this thread when I posted about a similar problem this morning.

 

As I read additional threads, I see customers saying that Comcast's DNS servers fail for fcc.gov, noaa.gov, weather.gov, nasa.gov.

 

Someone posted that they fail for all of the .eu domain!

 

andyross wrote:
> Can you provide a link that doesn't work?

 

Please see my thread.  Using 75.75.75.75, for _days_ the following have failed:

www.wrh.noaa.gov
sat.wrh.noaa.gov
www.weather.gov
www.nasa.gov

Silver Problem Solver
andyross
Posts: 3,427
Registered: ‎10-17-2003

Re: Apparent Problem with Comcast default DNS

On the Broadband Reports forums, there were posts by Comcast people that it seemed to be an issue with a server in California. Based on your one link, it seems to be in Utah?

 

If it's still not working, try doing a traceroute to 75.75.75.75 and see where it goes. To do the traceroute with Windows:

Open up a command prompt

Type: tracert 75.75.75.75

It will step through each router on the way. About the next-to-last will roughly tell where your DNS is being sent to.

Regular Contributor
Regular Contributor
Posts: 94
Registered: ‎09-13-2005

Re: Apparent Problem with Comcast default DNS

I'm in northern California.

 

tracert to 75.75.75.75 says:
 Pleasanton, CA
 S.F.
 San Jose
 then cdns01.comcast.net

 

Real irony here.  Another thread says to use www.dnssec-failed.org and www.dnsviz.net to troubleshoot DNS problems.

 

And I can't get to them either!

 

I specifically request that a Comcast employee in this forum help resolve this problem.

 

Would someone outside of California please try to get to the four websites I mentioned in message #3 and see if you can access them?  And run a traceroute/tracert to 75.75.75.75 to see where your DNS server is.

 

Thanks.

Bronze Problem Solver
Posts: 3,210
Registered: ‎05-12-2006

Re: Apparent Problem with Comcast default DNS

 


401 wrote:
> I'm in northern California.
>
> tracert to 75.75.75.75 says:
>  Pleasanton, CA
>  S.F.
>  San Jose
>  then cdns01.comcast.net

The servers in MA are also having trouble. You can (usually) see it when you check a problem domain at http://dns.comcast.net/dig-tool.php .

> Real irony here.  Another thread says to use www.dnssec-failed.org and www.dnsviz.net to troubleshoot DNS problems.

It's even more ironic than you think! The authoritative DNS servers for the dnssec-failed.org domain are Comcast servers. The DNSSEC servers in MA and CA sometimes can't even get answers from Comcast's own servers. Interestingly, the cache-check page mentioned above doesn't do any checking when you enter the dnssec-failed.org domain; so maybe this particular problem isn't limited to MA and CA.

 

 

Official Employee
jlivingood
Posts: 1,093
Registered: ‎05-09-2007

Re: Apparent Problem with Comcast default DNS

We're aware of a DNSSEC-related issue and are working with vendors to fix it. In the meantime, we put in place a workaround on the DNSSEC servers that should have resolved this. If you are still having issues, please post the results of a dig here so we can investigate.

JL
National Engineering & Technical Operations
Bronze Problem Solver
Posts: 3,210
Registered: ‎05-12-2006

Re: Apparent Problem with Comcast default DNS

 


jlivingood wrote:
> We're aware of a DNSSEC-related issue and are working with vendors to fix it. In the meantime, we put in place a workaround on the DNSSEC servers that should have resolved this. If you are still having issues, please post the results of a dig here so we can investigate.

The cache check page is still showing problems with the servers in CA and MA. I'm in MA. For the record:

 

dig @75.75.75.75 ftc.gov

; <<>> DiG 9.3.1 <<>> @75.75.75.75 ftc.gov
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

 

>dig @75.75.75.75 b.usadotgov.net

; <<>> DiG 9.3.1 <<>> @75.75.75.75 b.usadotgov.net
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

 

In these cases 75.75.75.75 isn't sending back any response at all.

 

Then there's:

 

>dig @75.75.75.75 www.dnssec-failed.org

; <<>> DiG 9.3.1 <<>> @75.75.75.75 www.dnssec-failed.org
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1717
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

 

It is working for most other domains, though.
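The dig transcripts in the post above show two different failure modes: no reply at all, and a SERVFAIL reply. The following is an added example, not part of the original post, that triages dig output into those cases; the function names and the third (NOERROR) transcript are constructed for illustration.

```python
import re

# Transcripts copied from the post above (dig 9.3.1 querying 75.75.75.75).
TIMED_OUT = """\
; <<>> DiG 9.3.1 <<>> @75.75.75.75 ftc.gov
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached
"""
SERVFAIL = """\
; <<>> DiG 9.3.1 <<>> @75.75.75.75 www.dnssec-failed.org
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1717
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""
# Constructed for contrast: the header of a query that resolved normally.
ANSWERED = """\
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
"""

def parse_dig(text):
    """Return (status, flags, answer_count); status is None if no reply was parsed."""
    status = re.search(r"status: (\w+)", text)
    if status is None:
        return None, set(), 0
    flags = re.search(r"flags: ([a-z ]*);", text)
    answers = re.search(r"ANSWER: (\d+)", text)
    return (status.group(1),
            set(flags.group(1).split()) if flags else set(),
            int(answers.group(1)) if answers else 0)

def triage(text):
    """Name the failure mode shown by one dig transcript."""
    status, flags, answers = parse_dig(text)
    if status is None:
        # Nothing came back at all: packet loss, filtering, or a dead resolver.
        return "no-response" if "timed out" in text else "unparsed"
    if status == "SERVFAIL":
        return "resolver-failure"  # replied, but could not complete or validate
    if status == "NXDOMAIN":
        return "name-does-not-exist"
    if status == "NOERROR" and answers == 0:
        return "authoritative-nodata" if "aa" in flags else "nodata"
    return "answered" if status == "NOERROR" else status.lower()
```
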

Email Expert
Posts: 18,241
Registered: ‎04-27-2004

Re: Apparent Problem with Comcast default DNS

 


steve-baker wrote:
> It's even more ironic than you think! The authoritative DNS servers for the dnssec-failed.org domain are Comcast servers. The DNSSEC servers in MA and CA sometimes can't even get answers from Comcast's own servers.

Actually, that's not ironic, it's expected. Caching and authoritative servers should be totally independent of each other. If the caching servers have a bug affecting DNSSEC in general, there's no reason why it shouldn't affect them when they try to access domains hosted by Comcast's auth servers.

But perhaps you could say that it's ironic that it's expected. Or maybe that it's unexpected that it's expected. :smileyhappy:

Bronze Problem Solver
Posts: 3,210
Registered: ‎05-12-2006

Re: Apparent Problem with Comcast default DNS

 


Barmar wrote:
> steve-baker wrote:
> > It's even more ironic than you think! The authoritative DNS servers for the dnssec-failed.org domain are Comcast servers. The DNSSEC servers in MA and CA sometimes can't even get answers from Comcast's own servers.
>
> Actually, that's not ironic, it's expected. Caching and authoritative servers should be totally independent of each other. If the caching servers have a bug affecting DNSSEC in general, there's no reason why it shouldn't affect them when they try to access domains hosted by Comcast's auth servers.
>
> But perhaps you could say that it's ironic that it's expected. Or maybe that it's unexpected that it's expected. :smileyhappy:

Nope, there's lots of irony there. Let's not forget "Another thread says to use www.dnssec-failed.org and www.dnsviz.net to troubleshoot DNS problems." Trying to troubleshoot DNS problems via a domain that's mired in the problem is ironic.

 

Contributor
Posts: 8
Registered: ‎01-11-2010

Re: Apparent Problem with Comcast default DNS

In Atlanta. Can't get to NOAA or Paypal for days. Tracert on 75.75.75.75 routes to a server in Atlanta.

Contributor
Posts: 6
Registered: ‎03-17-2007

Re: Apparent Problem with Comcast default DNS

Comcast.net DNS is failing for me here in Seattle for some specific domains, but working for the ones listed above.

 

My DNS servers:

  68.87.69.150  cns.beaverton.or.bverton.comcast.net
  68.87.85.102  cns.cmc.co.denver.comcast.net

Failing domains:

  - waol.org
  - angel.spscc.edu

Authoritative servers for these are hosted by the WA State Board for Community and Technical Colleges, in Olympia, WA.  DNS for these domains was tested and found working via EasyDNS and over AT&T and T-Mobile wireless connections.

Most domains hosted here are working on Comcast but a few are not.

Working:

  - sbctc.edu
  - www.cis.ctc.edu
  - noaa.gov
  - paypal.com
  - www.nasa.gov
   ...

 

 

 

Bronze Star Contributor
Posts: 174
Registered: ‎06-12-2008

Re: Apparent Problem with Comcast default DNS

paypal and noaa working again in ATL

Bronze Problem Solver
Posts: 3,210
Registered: ‎05-12-2006

Re: Apparent Problem with Comcast default DNS

 


pkreemer wrote:
> Comcast.net DNS is failing for me here in Seattle for some specific domains, but working for the ones listed above.
>
> My DNS servers:
>
>   68.87.69.150  cns.beaverton.or.bverton.comcast.net
>   68.87.85.102  cns.cmc.co.denver.comcast.net
>
> Failing domains:
>
>   - waol.org
>   - angel.spscc.edu
>
> Authoritative servers for these are hosted by the WA State Board for Community and Technical Colleges, in Olympia, WA.  DNS for these domains was tested and found working via EasyDNS and over AT&T and T-Mobile wireless connections.


The problem in this case is at the other end. Angel.spscc.edu has a CNAME of angel.waol.org, so the problem with those domains is the same problem. The authoritative servers for waol.org are listed as:

 

ctc.ctc.edu.
ml-dns.ctc.edu.
quasar.ctc.edu.

 

The parent servers for the .edu domain don't have the IP addresses of those servers, so a lookup has to find those addresses. The authoritative servers for the ctc.edu domain are:

 

ruler.wa-k20.net.
apple.wa-k20.net.
dns3.ctc.edu.
dns4.ctc.edu.

 

Those servers listed immediately above don't have the addresses of the authoritative servers listed for the waol.org domain. E.g.:

 

"dig @ruler.wa-k20.net ctc.ctc.edu

...
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, ..."

 

ANSWER: 0 ... no answer for the IP address of ctc.ctc.edu, and so no DNS server to query to find the info about the waol.org domain.

 

Other servers might have waol.org info cached from queries made before the waol.org DNS situation got discombobulated. Checking at some open DNS servers is showing some stuff that I can't quite figure out, but I think the bottom line is that they have the addresses of

 

ctc.ctc.edu.
ml-dns.ctc.edu.
quasar.ctc.edu.

 

cached.

 

 

Contributor
Posts: 6
Registered: ‎03-17-2007

Re: Apparent Problem with Comcast default DNS

Steve, thanks very much for sorting through that!  And explaining it clearly.  I passed your description on to the networking staff here.

 

Paul

Contributor
Posts: 6
Registered: ‎03-17-2007

Re: Apparent Problem with Comcast default DNS

Hi, to report back on this: our IT staff had cut over to new DNS servers but hadn't updated them in the domain registration. That was fixed a couple of hours ago, and now I'm waiting for Comcast to pick up the change.

 

 

Whois now lists these (correct) DNS servers for waol.org:

 

dns3.ctc.edu.
dns4.ctc.edu.

 

 

Thanks again for the help-

 

Paul

 

 

 

 

Email Expert
Posts: 18,241
Registered: ‎04-27-2004

Re: Apparent Problem with Comcast default DNS

Delegations from the .ORG servers have 1-day TTLs. So it could take up to a day for some of the Comcast nameservers to pick up the change. Different servers will pick it up at different times, depending on when they last cached the old NS records.
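The stale-delegation failure worked out earlier in the thread for waol.org, and the 1-day delegation TTL noted in the post above, can be put together in a toy model. This is an added example, not part of the original posts: the `Resolver` class, the function names and the 192.0.2.x addresses are constructed, and it assumes the ctc.edu servers answer address queries for dns3 and dns4 but not for the old server names.

```python
DAY = 86400  # TTL of the .ORG delegation, per the post above

# Constructed model of the thread's data; addresses are placeholders
# from 192.0.2.0/24, not the real servers' addresses.
OLD_NS = ["ctc.ctc.edu.", "ml-dns.ctc.edu.", "quasar.ctc.edu."]  # stale registration
NEW_NS = ["dns3.ctc.edu.", "dns4.ctc.edu."]                      # after the fix
# Host addresses the ctc.edu servers answer for; the OLD_NS names get ANSWER: 0.
CTC_EDU_A = {"dns3.ctc.edu.": "192.0.2.3", "dns4.ctc.edu.": "192.0.2.4"}

class Resolver:
    """Toy caching resolver: one zone, NS and A records only."""
    def __init__(self):
        self.cache = {}  # (name, rtype) -> (value, expires_at)

    def _cached(self, key, now):
        hit = self.cache.get(key)
        return hit[0] if hit and hit[1] > now else None

    def lookup_waol(self, parent_ns, now):
        """Address of a reachable waol.org name server, or None (lookup fails)."""
        ns = self._cached(("waol.org.", "NS"), now)
        if ns is None:  # ask the parent, then hold its answer for the full TTL
            ns = parent_ns
            self.cache[("waol.org.", "NS")] = (ns, now + DAY)
        for host in ns:
            addr = self._cached((host, "A"), now) or CTC_EDU_A.get(host)
            if addr:
                return addr
        return None

def recovery_delay(last_cached, fixed_at, step=3600):
    """Seconds after the registration fix until a resolver that cached the
    stale NS set at `last_cached` first resolves waol.org again."""
    r = Resolver()
    r.lookup_waol(OLD_NS, last_cached)       # stores the stale delegation
    t = fixed_at
    while r.lookup_waol(NEW_NS, t) is None:  # the parent now returns NEW_NS
        t += step
    return t - fixed_at

def warm_cache_lookup():
    """A resolver still holding an old A record for ctc.ctc.edu. keeps working."""
    r = Resolver()
    r.cache[("ctc.ctc.edu.", "A")] = ("192.0.2.10", DAY)
    return r.lookup_waol(OLD_NS, 0)
```

With a fix applied two hours after time zero, a resolver that cached the old NS set at time zero recovers 22 hours later, while one that cached it 20 hours earlier recovers after 2 hours.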

Bronze Problem Solver
Posts: 3,210
Registered: ‎05-12-2006

Re: Apparent Problem with Comcast default DNS

 


pkreemer wrote:
> Hi, to report back on this: our IT staff had cut over to new DNS servers but hadn't updated them in the domain registration. That was fixed a couple of hours ago, and now I'm waiting for Comcast to pick up the change.

Thanks for the update.

> Whois now lists these (correct) DNS servers for waol.org:
>
> dns3.ctc.edu.
> dns4.ctc.edu.

Those NS records have a TTL of zero. Is that really how they wanted to set it up?

> Thanks again for the help-

You're welcome!

 

 

Recognized Contributor
Posts: 398
Registered: ‎12-20-2003

Re: Apparent Problem with Comcast default DNS

I think I have a better DNS connection now after making some changes in the window setup for DNS.

 

My router is using the Comcast DNS as part of the DHCP; the computer is set up to use the router as the DNS server even if the router cannot be set as the gateway in win7 (claims it did but erases it).

 

In the win7 tcp/ip, I have the router as the primary DNS & an OpenDNS as the secondary DNS.  Then in the "advanced" DNS page, I added the router as the 1st DNS & then 2 OpenDNS servers as the 2nd & 3rd DNS servers.  I think that it's working as I wanted, Comcast DNS 1st & if not there, then OpenDNS.  Haven't tried Google servers as didn't know about them until now but will stick to my method.

 

On occasion, I do get the "helper" page with the OpenDNS headers which I believe that my DNS listing did pass thru the Comcast DNS as not found but dropped down to the OpenDNS for a check & the OpenDNS server also did a "not found" & so returned their "helper" page instead of the Comcast page.

Connection Expert
EG
Posts: 41,855
Registered: ‎12-24-2003

Re: Apparent Problem with Comcast default DNS