dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
16070
share rss forum feed


JJJohnson

join:2001-08-25
Fort Collins, CO
reply to NetFixer

Re: [DNS] Comcast DNS connectivity issues

said by NetFixer:

Of course, if he did actually use 75.75.75.76 as one of the DNS servers, that would readily explain the query failures.

Naw, just copied the wrong IP. It was using DHCP, so whatever the IP addresses were handed out.


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

3 edits
reply to fxsapp
Well, I am going to have to update my previous statement that I have never had a problem with Comcast's Anycast DNSSEC servers.


C:\>nslookup test-ipv6.com 4.2.2.1
Server:  a.resolvers.level3.net
Address:  4.2.2.1
 
Non-authoritative answer:
Name:    test-ipv6.com
Address:  216.218.228.114
 
C:\>nslookup test-ipv6.com 68.94.156.1
Server:  dnsr1.sbcglobal.net
Address:  68.94.156.1
 
Non-authoritative answer:
Name:    test-ipv6.com
Address:  216.218.228.114
 
C:\>nslookup test-ipv6.com 75.75.75.75
Server:  cdns01.comcast.net
Address:  75.75.75.75
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to cdns01.comcast.net timed-out
 
C:\>nslookup test-ipv6.com 68.87.68.162
Server:  nrcns.s3woodstock.ga.atlanta.comcast.net
Address:  68.87.68.162
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to nrcns.s3woodstock.ga.atlanta.comcast.net timed-out
 
 


And the strange thing is that test-ipv6.com is one of the sites that Comcast directs you to use on their IPv6 Information Center site. That was how I discovered the problem. I had just made some network changes and I wanted to test IPv6 functionality.

EDIT: Well (at least for today), I have reverted to using the Level3 legacy 4.2.2.x servers for external DNS forwarding (they are marginally faster than Comcast's servers anyway).




Thank you, Level3 for allowing public access to your DNS servers.




Yeah, I know (7/10), but I'm stuck with using a tunnel until Comcast updates the firmware in their SMCD3G-CCR gateways and decides how they are going to handle native dual stack for their static IP business class customers.

EDIT: FWIW, the "mini-outage" didn't last very long . I only say the problem for ~ 2 hours...I kept a script file running doing nslookups until I noticed that they had started working again).


C:\>nslookup test-ipv6.com 75.75.75.75
Server:  cdns01.comcast.net
Address:  75.75.75.75
 
Non-authoritative answer:
Name:    test-ipv6.com
Address:  216.218.228.114
 
C:\>nslookup test-ipv6.com 75.75.76.76
Server:  cdns02.comcast.net
Address:  75.75.76.76
 
Non-authoritative answer:
Name:    test-ipv6.com
Address:  216.218.228.114
 
C:\>nslookup test-ipv6.com 68.87.68.162
Server:  nrcns.s3woodstock.ga.atlanta.comcast.net
Address:  68.87.68.162
 
Non-authoritative answer:
Name:    test-ipv6.com
Address:  216.218.228.114
 
 

--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2
I wonder if it was really DNS...

From NANOG:

Re: Bell Canada outage?
From: Darius Jahandarie
Date: Wed, 8 Aug 2012 14:35:41 -0400
On Wed, Aug 8, 2012 at 2:31 PM, Zachary McGibbon
wrote:
Anyone at Bell Canada / Sympatico can tell us what's going on? Our routing table is going nuts with Bell advertising a lot of routes they shouldn't be

Bell leaked a full table. To add to the fun, it seems that TATA took the full table and releaked it.

--
JL
Comcast


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 edit
said by jlivingood:

I wonder if it was really DNS... ;-)

From NANOG:


Re: Bell Canada outage?
From: Darius Jahandarie
Date: Wed, 8 Aug 2012 14:35:41 -0400
On Wed, Aug 8, 2012 at 2:31 PM, Zachary McGibbon
wrote:
Anyone at Bell Canada / Sympatico can tell us what's going on? Our routing table is going nuts with Bell advertising a lot of routes they shouldn't be

Bell leaked a full table. To add to the fun, it seems that TATA took the full table and releaked it.

If it wasn't it a Comcast DNS problem ir was doing a really good job of imitating a Comcast DNS problem since both AT&T and Level3 DNS worked.

Here is a repost of the DNS query results from my previous post:

C:\>nslookup test-ipv6.com 4.2.2.1
Server:  a.resolvers.level3.net
Address:  4.2.2.1
 
Non-authoritative answer:
Name:    test-ipv6.com
Address:  216.218.228.114
 
C:\>nslookup test-ipv6.com 68.94.156.1
Server:  dnsr1.sbcglobal.net
Address:  68.94.156.1
 
Non-authoritative answer:
Name:    test-ipv6.com
Address:  216.218.228.114
 
C:\>nslookup test-ipv6.com 75.75.75.75
Server:  cdns01.comcast.net
Address:  75.75.75.75
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to cdns01.comcast.net timed-out
 
C:\>nslookup test-ipv6.com 68.87.68.162
Server:  nrcns.s3woodstock.ga.atlanta.comcast.net
Address:  68.87.68.162
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to nrcns.s3woodstock.ga.atlanta.comcast.net timed-out
 
 


I also had access to http://test-ipv6.com when using their DNS servers (as was also shown in my previous post), and I had no problems doing a ping or traceroute to 216.218.228.114 which doesn't even use DNS (perhaps I should have saved and posted those results as well); all of which indicated to me that the routing to the site from my Comcast connection was fine.

I will concede that it is certainly possible that something external to Comcast's DNS servers might have been responsible. However, the end result for someone using Comcast DNS servers was still a Comcast DNS problem (which did not effect AT&T or Level3 DNSSEC servers). Whatever the low level cause, it was fortunately quickly resolved and I reverted to using Comcast DNS servers for my external DNS query forwarding shortly after it started working again.

FWIW, the reason for my previous post was just for the sake of accuracy because I had earlier posted in this thread that I had never had a problem with the Comcast DNSSEC servers. I have certainly also seen similar brief site specific problems using DNS servers from AT&T, Level3, et al in the past (and if they had also been unable to resolve test-ipv6.com I would have not bothered to make my previous post).

--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

fxsapp

join:2005-10-03
Fargo, ND
reply to fxsapp
not to necro this thread but I wanted to update about the
situation. The outages have become more frequent, now they last 6 hours or more at a time. The gateway shows the connection as online (Linksys X2000) When we ping the gateway its fine, pinging any DNS server or website it is timed out. So what does that tell you? There has been techs to come out twice so far to look at the problem, 3rd tech scheduled to come tomorrow morning.


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 edit
said by fxsapp:

not to necro this thread but I wanted to update about the
situation. The outages have become more frequent, now they last 6 hours or more at a time. The gateway shows the connection as online (Linksys X2000) When we ping the gateway its fine, pinging any DNS server or website it is timed out. So what does that tell you? There has been techs to come out twice so far to look at the problem, 3rd tech scheduled to come tomorrow morning.

It would really help to get your problem diagnosed if you provided some details. The vague symptoms you have described so far could be almost anything.

When your ping tests fail, are you pinging by IP address, or by hostname. Does the ping resolve the IP address of the host you are pinging? If you don't understand what I am asking, then how about showing us the actual ping tests you are doing. Since you seem to think that you are having a DNS problem, how about showing us the results of some DNS queries by using the nslookup command from a command window.

The following commands would tell us a lot about whether or not you have a DNS problem:

nslookup www.dslreports.com

nslookup www.dslreports.com 75.75.75.75

nslookup www.dslreports.com 4.2.2.1

nslookup www.dslreports.com8.8.8.8

The first nslookup will use your default DNS server (probably your gateway, but we don't know that at this since you did not supply the ipconfig information that was previously requested).

The second nslookup will use the Comcast Anycast DNS server.

The third nslookup will use a Level3 legacy DNS server.

The last nslookup will use a Google DNS server.

Here are my results for those commands to use as a reference:


C:\>nslookup www.dslreports.com
*** Can't find server name for address 192.168.9.1: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  192.168.9.1
 
Non-authoritative answer:
Name:    www.dslreports.com
Address:  209.123.109.175
 
C:\>nslookup www.dslreports.com 75.75.75.75
Server:  cdns01.comcast.net
Address:  75.75.75.75
 
Non-authoritative answer:
Name:    www.dslreports.com
Address:  209.123.109.175
 
C:\>nslookup www.dslreports.com 4.2.2.1
Server:  a.resolvers.level3.net
Address:  4.2.2.1
 
Non-authoritative answer:
Name:    www.dslreports.com
Address:  209.123.109.175
 
C:\>nslookup www.dslreports.com 8.8.8.8
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
Non-authoritative answer:
Name:    www.dslreports.com
Address:  209.123.109.175
 
 


If none of the nslookups for www.dslreports.com work properly, try doing a ping 209.123.109.175. If that fails, then your problem is purely a connectivity problem, and has nothing to do with DNS.

Unless you provide us with some actual information that can be used for a diagnosis, nobody here is going to be able to do anything but reply with totally wild guesses. At this point, my guess is that you probably just have a problem with your gateway not being able to get IP connectivity (and hopefully that symptom will be present when the Comcast tech looks at your problems).

--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

fxsapp

join:2005-10-03
Fargo, ND
I'll try to provide more information for this issue, I apologize for not following the rules, I am providing this information for a friend, and it is difficult to relay the information from tracert and ping etc, through text messaging- but next time I will wait to post until I have all the proper info


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 edit
said by fxsapp:

I'll try to provide more information for this issue, I apologize for not following the rules, I am providing this information for a friend, and it is difficult to relay the information from tracert and ping etc, through text messaging- but next time I will wait to post until I have all the proper info

You didn't bread any rules; it is just that nobody is going to be able to properly diagnose your (and/or your friend's) problem without some real data to look at. Vague generic symptoms generate vague generic answers.

In case the problem is just a simple cable network connectivity problem, the modem's (or gateway's) connection stats and logs would be helpful as well as the results of the TCPIP connectivity tests I previously suggested.

Does your friend have a data plan for his/her cell phone? If so, this site's http://text.dslreports.com/ gateway might make access via a cell phone a bit easier so that your friend can personally take part in this thread (assuming that your friend's cable connection is so bad that using it is impossible).
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

fxsapp

join:2005-10-03
Fargo, ND
turns out it it not a DNS issue, even though that is the error that we get when the connection goes down, for all of the tests 1 through 5 , nslookup and ping tests, all timed out- meaning that it is a connectivity issue, a tech has been out 3 separate times to look at the problem, changed modem, checked cabling no resolution. I'll try to get some logs from the modem and see what the errors are... I'm assuming the tech looked at that, but it seems like they cannot figure out what the problem is.