If it is a security measure someone isn't doing a very good job at securing. I get to NOAA with no problems.

What browser are you using? Have you tried a different browser?

Yes, used two different browsers.  It not a browser issue, it's a DNS issue, clearly.  I can whois and ping with same results.  Your post just proves my point.  Others can see these sites, I can't.  I can see most other sites.  I won't repeat what I said about purging, resetting and turning off, etc. which eliminates everything except what I said.

Forum has several discussions about the DNS security that checks for tampering on certain sites and then blocks them, to "protect" the end user.  That's what I was referring to.  Likely, big gov sites are failing this comcast DNS security test.

I am not calling Comcast.  When I do, they charge me more money, even if someone doesn't come out.  And they ALWAYS want to send someone out if they can't fix the problem by resetting my modem.  Since they fixed the node in my neighborhood, my signal is fine and all equipment is working fine.

Well, I've posted on my website to tell my readers why they won't get their usual custom weather information they rely upon.  I can't pull up products I need using Comcast.

I've been sitting here since 7:30am trying to get this working and save the daily information of conditions at a specific time to my repository over 10yrs old.  That's 2 hours wasted, and one day of history lost forever (some of it I can get after the fact, some is not saved anywhere).  To me, from the standpoint of consequences, this is nearly as bad as having NO internet connection.  Emails can be answered later, etc.

bnc, you are CORRECT!  I just forced in the verizon DNS servers, and everything is back perfectly!!!

THANKS!!!

COMCAST.....----->>>>>>>>>>>>>>>>>>>  This is PROOF!  Your DNS management leaves much to be desired!!   (I've told you this before)  Large government servers have frequent hacking attempts.  You can't block these sites from your customers. 

WOW!!  Not only does it work, but it's MUCH FASTER opening sites!!

Strange. I'm just south of Harrisburg PA. I can reach http://www.nws.noaa.gov/, but the links at the bottom of that page to http://www.noaa.gov/ and http://www.weather.gov/ produce a "Firefox can't find the server" message. 

Bruce, I had that this morning.  Could reach nws.noaa.gov, but not nhc.noaa.gov or goes.noaa.gov. The entries for those sites have been deleted from the DNS servers your computer is using to lookup the ip addresses where those sites reside. 

Try non-comcast DNS servers.  For that matter, go to

http://www.grc.com/dns/benchmark.htm

download the little .exe utility and run it to find the fastest free dns servers in your area.  It may well be verizon, they are high on my results list, sorted by speed!

I made a snide remark earlier about "looney tunes" marketing people implementing processes that hamper the customer, thought better of it, and removed it on an edit.  But hey, I'm not the only one with this opinion.  Others with MUCH MORE KNOWLEDGE confirm my opinion, found this with DNS Benchmark results:

One or more of this system's nameservers intercepts errors and redirects web browsers to a custom page in response to an invalid DNS lookup request.  (This is shown with an orange coloring of the nameserver IP address and descriptive text on the benchmark's "Nameserver" page.)  This behavior is typically used as a marketing maneuver to redirect mistaken web browser URL entries to the DNS provider's own advertising-laden marketing-related pages. The major ISPs Earthlink, Roadrunner and Comcast are known to be doing this. While this may be regarded as a useful service by some users, others object to the idea of not receiving an error in response to an erroneous request. Some free DNS server providers, such as OpenDNS, allow this behavior to be customized so that erroneous queries can be configured to return an error. Many responsible ISPs are also offering "opt-out" options to prevent advertising interceptions.

Recommended Actions:

If you feel that this marketing-driven behavior is unacceptable from a DNS nameserver, you may be able to configure the service to return errors. Otherwise, you are free to switch to any alternative high performance and high reliability nameservers that are properly returning errors in response to erroneous queries.


Google also has a public DNS offering.

http://code.google.com/speed/public-dns/docs/using.html

I used the IPv4 addresses 8.8.8.8 and 8.8.4.4.

---

slswyoming wrote:

I made a snide remark earlier about "looney tunes" marketing people implementing processes that hamper the customer, thought better of it, and removed it on an edit.  But hey, I'm not the only one with this opinion.  Others with MUCH MORE KNOWLEDGE confirm my opinion, found this with DNS Benchmark results:

 

One or more of this system's nameservers intercepts errors and redirects web browsers to a custom page in response to an invalid DNS lookup request.  (This is shown with an orange coloring of the nameserver IP address and descriptive text on the benchmark's "Nameserver" page.)  This behavior is typically used as a marketing maneuver to redirect mistaken web browser URL entries to the DNS provider's own advertising-laden marketing-related pages. The major ISPs Earthlink, Roadrunner and Comcast are known to be doing this. While this may be regarded as a useful service by some users, others object to the idea of not receiving an error in response to an erroneous request. Some free DNS server providers, such as OpenDNS, allow this behavior to be customized so that erroneous queries can be configured to return an error. Many responsible ISPs are also offering "opt-out" options to prevent advertising interceptions.

Recommended Actions:

If you feel that this marketing-driven behavior is unacceptable from a DNS nameserver, you may be able to configure the service to return errors. Otherwise, you are free to switch to any alternative high performance and high reliability nameservers that are properly returning errors in response to erroneous queries.


---

I'm curious about something. First, a little background. There are two sets of DNS servers available via Comcast, one set has the addresses 75.75.75.75/76, the other set has addresses like 68.87.71.230. The servers at 75.* are DNSSEC servers that *don't* have the domain hijacking "feature". The servers with addresses more like 68.87.71.230 are the ones that do the domain hijacking. The problem with resolving .gov domains comes up fairly regularly, and I always though it was a problem with the DNSSEC aspect of things as the problem only showed up in the DNSSEC servers. But you've posted that you've had the problem resolving .gov domains, *and* you're seeing the domain hijacking. So, do you know which servers you were using when you had the two problems that seem mutually exclusive? You can probably find out which server you're currently using via opening a command window and doing an nslookup. Enter, say,

nslookup  nhc.noaa.gov

at the command prompt. You should see something like this:

Server:  cns.chelmsfdrdc2.ma.boston.comcast.net
Address:  68.87.71.230:53

Non-authoritative answer:
Name:    nhc.noaa.gov
Address:  140.90.176.165

That shows that I used the server at 68.87.71.230 to get the answer.

This has been happening again for the last 24 hours (specifically for www.nhc.noaa.gov).  Switching to OpenDNS solves it, but I want to use Comcast's DNS.  Was the true culprit ever identified?

www.nhc.noaa.gov is resolving now, we are working with the noaa.gov domain adminstrators to address this, they are not giving our servers enough time to expire it's cache when they change DNSSEC keys, and we are forced to manually flush the zone.

Thanks,
John 

Thanks for the reply and for fixing it.  It's good to know the cause and that everybody is aware of it - much appreciated.