fxsapp
join:2005-10-03
Fargo, ND | [DNS] Comcast DNS connectivity issues My ISP: Comcast Cable Internet
Location: Fort Collins, CO- Colorado Springs, CO
Speedtest: »stage.results.speedtest.comcast.···1732.png
OS: Win7
Modem: Cisco DPC3008 (wired, no wireless)
No Active Anti-Virus Program running
My issue is not a current one, but I am looking for advice for when it may happen again- during the first week I had service, my connection dropped and my modem reset, when it reset all of the lights were normal, however the error I was getting was "windows cannot communicate with primary dns server" My friend who lives in Colorado Springs also had this issue with their first day of service. We are both using the default DNS servers that comcast provides-
»dns.comcast.net/dns-ip-addresses.php
Last night, this happened to my friend and their service was down for about 2 hours, with the same error that I had. Is this something that is beyond our control or is there something we can do?
Here is what we both have done to try to restore service when it went down.
Proper power cycling equipment
ipconfig /flushdns /registerdns /release /renew
reset TCP/IP
change DNS servers to OpenDNS or Google's DNS
Repair connection through Windows
Disable/Re-enable adapter
any input on this is appreciated thank you |
|
 tshirtPremium,MVM
join:2004-07-11
Snohomish, WA
kudos:3
 ·Comcast
| said by fxsapp:change DNS servers to OpenDNS or Google's DNS
Did that work? (I'm guessing not, or you wouldn't need to post here.
I think that shows the message was a symptom rather than the cause of the outage, and not really a problem.
A 2 hour outage implies major damage, major problems, or major upgrades and are very rare in most areas.
The best bet if a power cycle doesn't fix it and the lights and signal levels look normal is to call in to determine if any of those are happening. |
|
fxsapp
join:2005-10-03
Fargo, ND
1 edit | thank you that is what I thought- if anyone else has any ideas just throw them my way if you don't mind- seems to be a fairly common situation I may face
anyone else have an opinion for this? |
|
| reply to fxsapp
We have Extreme 105 and Comcasts DNS has been a major issue with us so we did the Google DNS. |
|
 EGThe wings of lovePremium
join:2006-11-18
Union, NJ
kudos:9 | said by Dawson46:We have Extreme 105 and Comcasts DNS has been a major issue with us so we did the Google DNS.
What would one have to do with the other ? |
|
 NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro
·Comcast Business..
 ·Vonage
 ·Cingular Wireless
·Comcast
| reply to fxsapp
From the information you posted, I am going to assume that you have a single Windows 7 PC directly attached to your cable modem.
I suspect that the problem you saw had nothing directly to do with DNS, and that the real problem was just that your Internet connectivity was not yet fully operational immediately after the power outage ended.
If it happens again, do an "ipconfig /all" to get the PC's IP address, and the gateway and DNS server IP addresses. Then (assuming that you do have an Internet IP address and not a private 192.168.x.x or 169.254.X.X IP address) try to ping the gateway IP address and the DNS server IP addresses. That should tell you if you actually do have Internet connectivity. If you can't reach the gateway or the DNS servers, nothing else is going to help until Internet connectivity is restored.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander. |
|
|
|
| reply to Dawson46
said by Dawson46:We have Extreme 105 and Comcasts DNS has been a major issue with us so we did the Google DNS.
With those speeds provisioned, you may want to reconsider using GoogleDNS (or any other DNS provider for that matter). I tripped over the fact that using alternate DNS providers results in you being connected to the wrong CDN (Content Distribution Networks). This can result in your downloads being much slower that expected.
When I was using Google or OpenDNS, my best download speeds were about 1MB / sec. Switched back to Comcast, was getting as high as 6MB / sec. See this article for a full explanation -
»apcmag.com/why-using-google-dns-···idea.htm
(There are many other articles out there - but this one seems to explain it well) |
|
| reply to fxsapp
Just how bad _are_ Comcast's DNS servers? I switched to them briefly today. The two servers assigned through DHCP were 75.75.75.76 and 75.75.75.75. While using them I was getting at least 20% failed DNS lookups just doing typical web browsing. Jeezus, even www.google.com failed.
I switched back to using my own local caching DNS server (with OpenDNS servers as backups) and the problems disappeared. I find it almost hard to believe Comcast's servers are that godawful bad, even though I stopped using them 12 years ago for exactly the same reason. |
|
EGThe wings of lovePremium
join:2006-11-18
Union, NJ
kudos:9 | reply to fxsapp
Hmmm.. Never a problem with them here.. YMMV. |
|
Reviews:
·Comcast
| reply to JJJohnson
Hmm you're having trouble with the DNS servers? I've been using them exclusively since before they first switched over to the Anycast DNS system, and I've really never had any problems.  I hope this isn't a sign of bad times coming. |
|
| Is everyone assigned the same DNS servers, or are they regional? I may try it again to see whether something else was going on. |
|
Reviews:
·Comcast
| According to Comcast's DNS page the DNS addresses 75.75.75.75 and 75.75.76.76 (as well as the two IPv6 addresses) are distributed across many servers via Anycast for redundancy and reliability, so thats a hard question to define within the parameters of local, regional, and national. Every Comcast customer within the nation receives the same DNS addresses by default and the nodes are geographically dispersed. |
|
andyrossPremium,MVM
join:2003-05-04
Schaumburg, IL | reply to fxsapp
To check exactly where your DNS is going, you have to run a TRACERT or TRACEROUTE to one of the DNS addresses and see if there are any obvious city/state names.
I'm near Chicago, and mine goes to cdns01.comcast.net for 75.75.75.75, and cdns02 for 75.75.76.76. 75.75 goes into area4 Chicago. 76.76 goes to westalndrdc.mi.michigan. |
|
NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast
| said by andyross:To check exactly where your DNS is going, you have to run a TRACERT or TRACEROUTE to one of the DNS addresses and see if there are any obvious city/state names.
I'm near Chicago, and mine goes to cdns01.comcast.net for 75.75.75.75, and cdns02 for 75.75.76.76. 75.75 goes into area4 Chicago. 76.76 goes to westalndrdc.mi.michigan.
And that is only a partial picture of how your connection interacts with Comcast's Anycast network. For example, here is my traceroute results to 75.75.75.75 and 75.75.76.76:
C:\>tracert 75.75.75.75
Tracing route to cdns01.comcast.net [75.75.75.75]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms host6.dcs-net.net [75.146.8.46]
2 25 ms 29 ms 19 ms 96.191.160.1
3 9 ms 10 ms 9 ms xe-4-0-0-0-sur01.murfreesboro.tn.nash.comcast.net [68.85.50.125]
4 11 ms 15 ms 10 ms xe-3-1-2-0-ar03.nashville.tn.nash.comcast.net [68.85.174.17]
5 21 ms 72 ms 20 ms so-3-0-0-0-ar01.b0atlanta.ga.atlanta.comcast.net [68.85.109.245]
6 27 ms 22 ms 23 ms te-8-3-ur01.s3ndigital.ga.atlanta.comcast.net [68.86.107.18]
7 * * 22 ms cdns01.comcast.net [75.75.75.75]
Trace complete.
C:\>tracert 75.75.76.76
Tracing route to cdns02.comcast.net [75.75.76.76]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms host6.dcs-net.net [75.146.8.46]
2 32 ms 10 ms 69 ms 96.191.160.1
3 10 ms 9 ms 9 ms xe-4-0-0-0-sur01.murfreesboro.tn.nash.comcast.net [68.85.50.125]
4 26 ms 9 ms 10 ms xe-11-2-0-0-sur02.murfreesboro.tn.nash.comcast.net [68.86.176.110]
5 12 ms 11 ms 11 ms xe-2-1-1-0-ar01.goodslettvll.tn.nash.comcast.net [68.86.176.53]
6 23 ms 19 ms 28 ms pos-2-2-0-0-cr01.atlanta.ga.ibone.comcast.net [68.86.90.189]
7 41 ms 42 ms 43 ms so-6-1-0-0-ar01.greenspoint.tx.houston.comcast.net [68.86.94.134]
8 43 ms 43 ms 41 ms po-12-ur01.greenspoint.tx.houston.comcast.net [68.85.244.150]
9 * * 42 ms cdns02.comcast.net [75.75.76.76]
Trace complete.
That traceroute test only shows the gateway that is used by that particular ICMP traceroute. The actual connections to DNS servers for real DNS queries is more complex and will usually point to more than just two DNS servers. A more comprehensive test can be easily done from the GRC DNS Nameserver Spoofability Test. That test does many, many real DNS queries to the DNS servers configured for your PC, and reports back a lot of information about those servers (including their real hostnames and IP addresses). In the test I just ran I got back replies form 28 different Comcast DNS servers located in Atlanta, Houston, and Naples.
I am attaching a zipped PDF file of the report from that test for those who might be interested in what kind of information is returned, but are afraid to click on the link I provided (of course, those folks will probably also be afraid to open the PDF file too). 
 GRC_DNSNames···Test.zip 1167880 bytes
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander. |
|
NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast
4 edits | reply to JJJohnson
said by JJJohnson:Just how bad _are_ Comcast's DNS servers? I switched to them briefly today. The two servers assigned through DHCP were 75.75.75.76 and 75.75.75.75. While using them I was getting at least 20% failed DNS lookups just doing typical web browsing. Jeezus, even www.google.com failed.
I switched back to using my own local caching DNS server (with OpenDNS servers as backups) and the problems disappeared. I find it almost hard to believe Comcast's servers are that godawful bad, even though I stopped using them 12 years ago for exactly the same reason.
Your experience has been very much different than my experience with Comcast's Anycast DNSSEC servers. I started using them in March, 2011 (when I started using a Comcast Business Class connection), and I have had absolutely no problems with them. Perhaps your problem was that you used 75.75.75.76 (not a valid Comcast DNS server) as the primary DNS server?
C:\>nslookup www.dslreports.com 75.75.75.76
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 75.75.75.76: Timed out
Server: UnKnown
Address: 75.75.75.76
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
You should have used 75.75.75.75 as the primary, and 75.75.76.76 as the secondary.
C:\>nslookup www.dslreports.com 75.75.75.75
Server: cdns01.comcast.net
Address: 75.75.75.75
Non-authoritative answer:
Name: www.dslreports.com
Address: 209.123.109.175
C:\>nslookup www.dslreports.com 75.75.76.76
Server: cdns02.comcast.net
Address: 75.75.76.76
Non-authoritative answer:
Name: www.dslreports.com
Address: 209.123.109.175
FWIW, I don't use them "directly" either. I use them as the forwarding servers for my local Windows Server DNS server, and within my Comcast SMCD3G gateway router. I use the Windows server as primary, and the SMCD3G as secondary (but ultimately all external DNS queries go through the Comcast Anycast DNSSEC servers).
C:\>nslookup www.dslreports.com 192.168.9.2
Server: dcs-srv.dcs-net
Address: 192.168.9.2
Non-authoritative answer:
Name: www.dslreports.com
Address: 209.123.109.175
C:\>nslookup www.dslreports.com 192.168.10.254
Server: gw2.dcs-net
Address: 192.168.10.254
Non-authoritative answer:
Name: www.dslreports.com
Address: 209.123.109.175
If you would like to investigate the matter further, I would recommend trying the GRC DNS Benchmark Test and the GRC DNS Nameserver Spoofability Test. For my connection, the benchmark test usually puts the Comcast DNS servers in a tie position for second place with the Level3 4.2.2.x legacy Anycast DNS servers. My local servers (which ultimately forward external DNS queries to the Comcast servers) are of course always in first place (and OpenDNS is usually just an "also ran").
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander. |
|
andyrossPremium,MVM
join:2003-05-04
Schaumburg, IL | It should be mentioned that some .gov sites have occasional issues. It's not Comcast's fault, though. The keys for the .gov sites are regularly updated, but they don't broadcast the proper TTL or something like that, so Comcast tries to use expired ones. |
|
NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast
| said by andyross:It should be mentioned that some .gov sites have occasional issues. It's not Comcast's fault, though. The keys for the .gov sites are regularly updated, but they don't broadcast the proper TTL or something like that, so Comcast tries to use expired ones.
Yep, sometimes being on the leading edge (in this case strict adherence to DNSSEC) sometimes means being on the bleeding edge. I know that I had to make changes in some of my DNS records in order for DNSSEC servers (and Comcast's servers in particular) to properly resolve them.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander. |
|
 jlivingoodPremium,VIP
join:2007-10-28
Philadelphia, PA
kudos:1 | reply to JJJohnson
said by JJJohnson:Just how bad _are_ Comcast's DNS servers? I switched to them briefly today. The two servers assigned through DHCP were 75.75.75.76 and 75.75.75.75. While using them I was getting at least 20% failed DNS lookups just doing typical web browsing. Jeezus, even www.google.com failed. You must have some other issue. You might imagine that if 20% of all our customer DNS queries failed you would have a thousand people posting here and articles in the press.
Next time you have this issue, run dig at the command line and post the results here, as well as a traceroute to the IP of the server.
So, dig @75.75.75.75 www.google.com
and then dig @2001:558:FEED::1 www.google.com
and then traceroute 75.75.75.75
and then traceroute6 2001:558:FEED::1
- Jason
--
JL
Comcast |
|
jlivingoodPremium,VIP
join:2007-10-28
Philadelphia, PA
kudos:1 | reply to andyross
said by andyross:It should be mentioned that some .gov sites have occasional issues. It's not Comcast's fault, though. The keys for the .gov sites are regularly updated, but they don't broadcast the proper TTL or something like that, so Comcast tries to use expired ones.
Right on. See also section 5 of this doc -- »tools.ietf.org/html/draft-living···ection-5
--
JL
Comcast |
|
NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast
| reply to jlivingood
said by jlivingood:said by JJJohnson:Just how bad _are_ Comcast's DNS servers? I switched to them briefly today. The two servers assigned through DHCP were 75.75.75.76 and 75.75.75.75. While using them I was getting at least 20% failed DNS lookups just doing typical web browsing. Jeezus, even www.google.com failed. You must have some other issue. You might imagine that if 20% of all our customer DNS queries failed you would have a thousand people posting here and articles in the press... Of course, if he did actually use 75.75.75.76 as one of the DNS servers, that would readily explain the query failures.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander. |
|
