| Comcast DNS's Hey all,
My router auto pulls comcast DNS's 68.87.68.166 and 68.87.74.166 . If i manually tell it to use 75.75.75.75 or 75.75.76.76 which are the newer? DNS servers they actually respond slower(noticeably) and i confirmed such with the DNS benchmark at »www.grc.com/dns/benchmark.htm.
I did this over multiple days to rule out network conditions.Currently I'm using a Dir-615 using DD-WRT firmware.
Any ideas? |
|
 tshirtPremium,MVM
join:2004-07-11
Snohomish, WA
kudos:3
 ·Comcast
| either should work fine.
fastest speed isn't the only factor when selecting a DNS server,
no redirection, DNSSEC (security) consistantcy, accuracy, and a response base on your actual location is something Comcast provides which many others can't or won't.
the 75.75...& 76.76 are for sure DNSSEC, the auto assigned MAY be (will be soon)but have the advantage of higher use leading to better cached results and will be reassigned on rebooting should there be a problem with the versions on your CRAN.
When you say "noticeably" how big a MS gap are we talking? |
|
| Changing pages is a noticeable 2 secs or so slower, not sure why. |
|
 NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro
·Comcast Business..
 ·Vonage
 ·Cingular Wireless
·Comcast
| reply to panthal01
said by panthal01:Hey all,
My router auto pulls comcast DNS's 68.87.68.166 and 68.87.74.166 . If i manually tell it to use 75.75.75.75 or 75.75.76.76 which are the newer? DNS servers they actually respond slower(noticeably) and i confirmed such with the DNS benchmark at »www.grc.com/dns/benchmark.htm.
I did this over multiple days to rule out network conditions.Currently I'm using a Dir-615 using DD-WRT firmware.
Any ideas?
That really should not be happening, but routing can play a part too, and since you are still getting the domain helper DNS servers in your area, perhaps the routing to the 75.75.x.x DNSSEC servers is not optimal.
Your automatically assigned DNS servers are domain helper DNS servers located in Atlanta, GA and Naples, FL respectively. You may want to try using 68.87.68.162 and 68.87.74.162 which are also located in Atlanta, GA and Naples, FL respectively, and they are also DNSSEC servers.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed. |
|
| Thanks! The 2 you listed work as fast as what it was auto pulling. |
|
tshirtPremium,MVM
join:2004-07-11
Snohomish, WA
kudos:3 Reviews:
·Comcast
| 2 seconds is an incredible long delay. DNS should be in the ms or tens of millisecond range for uncached and 1ms (or less) for anything cached.
Are you sure this is happening at the DNS level?
I suspect something else must be wrong perhaps a browser or configuation error or some sort of malware/redirect/??? is going on.
Try it without the router. also what O/S, computer setup, browser? |
|
andyrossPremium,MVM
join:2003-05-04
Schaumburg, IL | reply to panthal01
Hmm. Based on Comcast's DNS page (»dns.comcast.net/dns-ip-addresses.php), all of the domain helpers are supposedly shut down? Also, the server status page (»dns.comcast.net/status.php) no longer works.
You can do a traceroute (TRACERT in Windows) to 75.75.75.75 and 75.75.76.76 and see where they end up. The same address will point to different locations depending on where you are. |
|
|
|
tshirtPremium,MVM
join:2004-07-11
Snohomish, WA
kudos:3 Reviews:
·Comcast
| andyross  I think there was some delays in the phase out (getting all the roots signed took longer than expected) so the current target for universal (within CC) is now spring 2012, however MOST people allowing DHCP to assign DNS will recieve a DNSSEC compliant server address, I believe 75 & 76 will be the only valid IPv4 DNSSEC IP's.
this is the most current timeline
»www.dnssec.comcast.net/Comcast-D···arge.jpg |
|
NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast
| reply to andyross
said by andyross:Hmm. Based on Comcast's DNS page (»dns.comcast.net/dns-ip-addresses.php), all of the domain helpers are supposedly shut down? Also, the server status page (»dns.comcast.net/status.php) no longer works.
You can do a traceroute (TRACERT in Windows) to 75.75.75.75 and 75.75.76.76 and see where they end up. The same address will point to different locations depending on where you are.
Yes, the Comcast DNS web site does imply that all of the domain helper DNS servers have been decommissioned, including the ones that the OP receives via DHCP. However, before my reply to the OP where I supplied two DNSSEC servers in the same locations to replace the domain helper servers, I tested those domain helper servers, and they are definitely still active, and they still mangle the replies for invalid hostnames (which I don't consider to be helping).
My guess as to why the official 75.75.x.x AnyCast IP addresses provide poor service for the OP is that the routing for his location is screwed up. The two DNSSEC server IP addresses that I posted are in the same locations (and the same subnet) as the domain helper servers. The OP does not have the long delays when using those two DNSSEC servers (which are actually part of the Comcast AnyCast system). However, bypassing the official 75.75.x.x gateway IP addresses will use a different route.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed. |
|
| reply to panthal01
Currently, our anycast (75.75.75.75 and 75.75.76.76) DNS servers are receiving very little query traffic. With that, the cache is not as populated as our Domain Helper servers and may take a few additional microseconds to recurse for an answer . As we migrate our customers to the new anycast servers, the cache will improve. |
|
| reply to panthal01
Do yourself a favor, get off the comcast dns servers asap.
»code.google.com/p/namebench/
Try this tool out and let it run full tests, this finds the fastest dns servers depending on what you feed it. It makes a big difference in pages "popping" during surfing.
--
"It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!" |
|
andyrossPremium,MVM
join:2003-05-04
Schaumburg, IL | But, in this age of CDN's, the 'fastest' DNS may not result in the fastest or most efficient streaming. An ISP's own DNS may point to closer or other specialized addresses that give a more direct connection with less stress on the network. |
|
NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast
1 edit | reply to ComcastTom
said by ComcastTom:Currently, our anycast (75.75.75.75 and 75.75.76.76) DNS servers are receiving very little query traffic. With that, the cache is not as populated as our Domain Helper servers and may take a few additional microseconds to recurse for an answer . As we migrate our customers to the new anycast servers, the cache will improve.
I can vouch for that (at least at my location). However, the two DNS servers that are listed in my SMC gateway are in fact DNSSEC, not domain "helper" DNS servers, so perhaps that also makes a difference. IE: areas that still have domain "helper" servers are not optimized for the official DNSSEC Anycast gateway IP addresses, but using the regional DNSSEC servers works better (as it did for the OP).
Note, that even though I have a business class account with static IP addresses, and the DNS server information was manually entered by Comcast support (instead of via DHCP), I had the same DNS servers supplied by DHCP when I had a residential account.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed. |
|
dan1431
join:2007-05-10
Boca Raton, FL | reply to panthal01
Using the DNS Benchmark referenced above, the COMCAST DNSSEC servers are actually faster than any public available DNS server.
Dan |
|
NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast
| said by dan1431:Using the DNS Benchmark referenced above, the COMCAST DNSSEC servers are actually faster than any public available DNS server.
Dan
Actually, if you read the OP's first post, that is exactly the test that was run, and the OP's results did not put the Comcast Anycast servers anywhere near the top of the list. The test results I posted are not going to be valid for everyone, because it would appear that Comcast's routing for their Anycast servers is only optimized if you are in an area that is already passing out DNSSEC servers instead of domain "helper" servers.
I have had some IM's from other users that also seem to point out that if your area is still passing out domain "helper" DNS servers via DHCP, then if you use the 75.75.75.75 and 75.75.76.76 Comcast Anycast servers, you will not get very good response time (but manually using your area's DNSSEC servers will likely not degrade your performance).
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed. |
|
| reply to ComcastTom
and just how long is that going to take? |
|
| reply to andyross
dns based cdn is so 90's.
CDNS use other methods now especially akamai an limelight.
If they are strictly using dns they have the issue not us.
--
"It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!" |
|
