

JJJohnson

join:2001-08-25
Fort Collins, CO
reply to fxsapp

Re: [DNS] Comcast DNS connectivity issues

Just how bad _are_ Comcast's DNS servers? I switched to them briefly today. The two servers assigned through DHCP were 75.75.75.76 and 75.75.75.75. While using them I was getting at least 20% failed DNS lookups just doing typical web browsing. Jeezus, even www.google.com failed.

I switched back to using my own local caching DNS server (with OpenDNS servers as backups) and the problems disappeared. I find it almost hard to believe Comcast's servers are that godawful bad, even though I stopped using them 12 years ago for exactly the same reason.



Mike Wolf

join:2009-05-24
Beachwood, NJ
kudos:3
Reviews:
·Comcast

Hmm you're having trouble with the DNS servers? I've been using them exclusively since before they first switched over to the Anycast DNS system, and I've really never had any problems. I hope this isn't a sign of bad times coming.



JJJohnson

join:2001-08-25
Fort Collins, CO

Is everyone assigned the same DNS servers, or are they regional? I may try it again to see whether something else was going on.



Mike Wolf

join:2009-05-24
Beachwood, NJ
kudos:3
Reviews:
·Comcast

According to Comcast's DNS page the DNS addresses 75.75.75.75 and 75.75.76.76 (as well as the two IPv6 addresses) are distributed across many servers via Anycast for redundancy and reliability, so that's a hard question to define within the parameters of local, regional, and national. Every Comcast customer within the nation receives the same DNS addresses by default and the nodes are geographically dispersed.



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast

4 edits
reply to JJJohnson

said by JJJohnson:

Just how bad _are_ Comcast's DNS servers? I switched to them briefly today. The two servers assigned through DHCP were 75.75.75.76 and 75.75.75.75. While using them I was getting at least 20% failed DNS lookups just doing typical web browsing. Jeezus, even www.google.com failed.

I switched back to using my own local caching DNS server (with OpenDNS servers as backups) and the problems disappeared. I find it almost hard to believe Comcast's servers are that godawful bad, even though I stopped using them 12 years ago for exactly the same reason.

Your experience has been very much different than my experience with Comcast's Anycast DNSSEC servers. I started using them in March, 2011 (when I started using a Comcast Business Class connection), and I have had absolutely no problems with them. Perhaps your problem was that you used 75.75.75.76 (not a valid Comcast DNS server) as the primary DNS server?


C:\>nslookup www.dslreports.com 75.75.75.76
DNS request timed out.
    timeout was 2 seconds.
*** Can't find server name for address 75.75.75.76: Timed out
Server:  UnKnown
Address:  75.75.75.76
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out
 
 


You should have used 75.75.75.75 as the primary, and 75.75.76.76 as the secondary.


C:\>nslookup www.dslreports.com 75.75.75.75
Server:  cdns01.comcast.net
Address:  75.75.75.75
 
Non-authoritative answer:
Name:    www.dslreports.com
Address:  209.123.109.175
 
C:\>nslookup www.dslreports.com 75.75.76.76
Server:  cdns02.comcast.net
Address:  75.75.76.76
 
Non-authoritative answer:
Name:    www.dslreports.com
Address:  209.123.109.175
 


FWIW, I don't use them "directly" either. I use them as the forwarding servers for my local Windows Server DNS server, and within my Comcast SMCD3G gateway router. I use the Windows server as primary, and the SMCD3G as secondary (but ultimately all external DNS queries go through the Comcast Anycast DNSSEC servers).


C:\>nslookup www.dslreports.com 192.168.9.2
Server:  dcs-srv.dcs-net
Address:  192.168.9.2
 
Non-authoritative answer:
Name:    www.dslreports.com
Address:  209.123.109.175
 
C:\>nslookup www.dslreports.com 192.168.10.254
Server:  gw2.dcs-net
Address:  192.168.10.254
 
Non-authoritative answer:
Name:    www.dslreports.com
Address:  209.123.109.175
 


If you would like to investigate the matter further, I would recommend trying the GRC DNS Benchmark Test and the GRC DNS Nameserver Spoofability Test. For my connection, the benchmark test usually puts the Comcast DNS servers in a tie position for second place with the Level3 4.2.2.x legacy Anycast DNS servers. My local servers (which ultimately forward external DNS queries to the Comcast servers) are of course always in first place (and OpenDNS is usually just an "also ran").
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

andyross
Premium,MVM
join:2003-05-04
Schaumburg, IL

It should be mentioned that some .gov sites have occasional issues. It's not Comcast's fault, though. The keys for the .gov sites are regularly updated, but they don't broadcast the proper TTL or something like that, so Comcast tries to use expired ones.



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast

said by andyross:

It should be mentioned that some .gov sites have occasional issues. It's not Comcast's fault, though. The keys for the .gov sites are regularly updated, but they don't broadcast the proper TTL or something like that, so Comcast tries to use expired ones.

Yep, being on the leading edge (in this case strict adherence to DNSSEC) sometimes means being on the bleeding edge. I know that I had to make changes in some of my DNS records in order for DNSSEC servers (and Comcast's servers in particular) to properly resolve them.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2

1 recommendation

reply to JJJohnson

said by JJJohnson:

Just how bad _are_ Comcast's DNS servers? I switched to them briefly today. The two servers assigned through DHCP were 75.75.75.76 and 75.75.75.75. While using them I was getting at least 20% failed DNS lookups just doing typical web browsing. Jeezus, even www.google.com failed.

You must have some other issue. You might imagine that if 20% of all our customer DNS queries failed you would have a thousand people posting here and articles in the press.

Next time you have this issue, run dig at the command line and post the results here, as well as a traceroute to the IP of the server.

So, dig @75.75.75.75 www.google.com
and then dig @2001:558:FEED::1 www.google.com
and then traceroute 75.75.75.75
and then traceroute6 2001:558:FEED::1

- Jason
--
JL
Comcast


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2
reply to andyross

said by andyross:

It should be mentioned that some .gov sites have occasional issues. It's not Comcast's fault, though. The keys for the .gov sites are regularly updated, but they don't broadcast the proper TTL or something like that, so Comcast tries to use expired ones.

Right on. See also section 5 of this doc -- »tools.ietf.org/html/draft-living···ection-5
--
JL
Comcast
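
Added example (not code from any poster in this thread): a small Python probe that automates the per-resolver nslookup/dig checks shown above and goes one step further, re-asking with the DNS Checking Disabled bit (what `dig +cd` does) to tell a DNSSEC validation failure, as in the .gov case, from a resolver that simply does not answer, as with 75.75.75.76. The function names and the choice of www.dslreports.com as the test name are assumptions made for the example; the resolver addresses are the ones quoted in the thread.

```python
import secrets, socket, struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid, cd=False):
    """A-record query with RD set; cd=True also sets Checking Disabled (dig +cd)."""
    flags = 0x0100 | (0x0010 if cd else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def parse_header(msg):
    """Return (id, rcode name) of a DNS response; raise ValueError if it is not one."""
    if len(msg) < 12 or not msg[2] & 0x80:
        raise ValueError("not a DNS response")
    qid, flags = struct.unpack("!HH", msg[:4])
    return qid, RCODES.get(flags & 0xF, "RCODE%d" % (flags & 0xF))

def udp_send(server, query, timeout):
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))   # connected UDP: replies from other hosts are dropped
        s.send(query)
        return s.recv(4096)

def ask(server, name, cd=False, timeout=2.0, send=udp_send):
    """One query; returns the rcode name, 'TIMEOUT' or 'MALFORMED'."""
    qid = secrets.randbits(16)    # unpredictable ID, checked against the reply
    try:
        rid, rcode = parse_header(send(server, build_query(name, qid, cd), timeout))
    except OSError:               # socket.timeout and unreachable-network errors
        return "TIMEOUT"
    except ValueError:
        return "MALFORMED"
    return rcode if rid == qid else "MALFORMED"

def classify(server, name, send=udp_send):
    """Separate a dead resolver from a DNSSEC validation failure."""
    first = ask(server, name, send=send)
    if first == "TIMEOUT":
        return "unreachable"
    if first == "SERVFAIL" and ask(server, name, cd=True, send=send) == "NOERROR":
        return "dnssec-validation-failure"   # data exists, signatures did not validate
    return first.lower()

if __name__ == "__main__":
    for ip in ("75.75.75.75", "75.75.76.76", "75.75.75.76", "2001:558:FEED::1"):
        print(ip, classify(ip, "www.dslreports.com"))
```

A result of "servfail" (failure even with checking disabled) points at the resolver or the zone's own servers rather than at DNSSEC validation.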


NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast
reply to jlivingood

said by jlivingood:

said by JJJohnson:

Just how bad _are_ Comcast's DNS servers? I switched to them briefly today. The two servers assigned through DHCP were 75.75.75.76 and 75.75.75.75. While using them I was getting at least 20% failed DNS lookups just doing typical web browsing. Jeezus, even www.google.com failed.

You must have some other issue. You might imagine that if 20% of all our customer DNS queries failed you would have a thousand people posting here and articles in the press...

Of course, if he did actually use 75.75.75.76 as one of the DNS servers, that would readily explain the query failures.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


JJJohnson

join:2001-08-25
Fort Collins, CO

said by NetFixer:

Of course, if he did actually use 75.75.75.76 as one of the DNS servers, that would readily explain the query failures.

Naw, just copied the wrong IP. It was using DHCP, so it was whatever IP addresses were handed out.