NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro

reply to JJJohnson

Re: [DNS] Comcast DNS connectivity issues

said by JJJohnson:

Just how bad _are_ Comcast's DNS servers? I switched to them briefly today. The two servers assigned through DHCP were 75.75.75.76 and 75.75.75.75. While using them I was getting at least 20% failed DNS lookups just doing typical web browsing. Jeezus, even www.google.com failed.

I switched back to using my own local caching DNS server (with OpenDNS servers as backups) and the problems disappeared. I find it almost hard to believe Comcast's servers are that godawful bad, even though I stopped using them 12 years ago for exactly the same reason.

Your experience has been very much different than my experience with Comcast's Anycast DNSSEC servers. I started using them in March, 2011 (when I started using a Comcast Business Class connection), and I have had absolutely no problems with them. Perhaps your problem was that you used 75.75.75.76 (not a valid Comcast DNS server) as the primary DNS server?


C:\>nslookup www.dslreports.com 75.75.75.76
DNS request timed out.
    timeout was 2 seconds.
*** Can't find server name for address 75.75.75.76: Timed out
Server:  UnKnown
Address:  75.75.75.76
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out
 
 


You should have used 75.75.75.75 as the primary, and 75.75.76.76 as the secondary.


C:\>nslookup www.dslreports.com 75.75.75.75
Server:  cdns01.comcast.net
Address:  75.75.75.75
 
Non-authoritative answer:
Name:    www.dslreports.com
Address:  209.123.109.175
 
C:\>nslookup www.dslreports.com 75.75.76.76
Server:  cdns02.comcast.net
Address:  75.75.76.76
 
Non-authoritative answer:
Name:    www.dslreports.com
Address:  209.123.109.175
 


FWIW, I don't use them "directly" either. I use them as the forwarding servers for my local Windows Server DNS server, and within my Comcast SMCD3G gateway router. I use the Windows server as primary, and the SMCD3G as secondary (but ultimately all external DNS queries go through the Comcast Anycast DNSSEC servers).


C:\>nslookup www.dslreports.com 192.168.9.2
Server:  dcs-srv.dcs-net
Address:  192.168.9.2
 
Non-authoritative answer:
Name:    www.dslreports.com
Address:  209.123.109.175
 
C:\>nslookup www.dslreports.com 192.168.10.254
Server:  gw2.dcs-net
Address:  192.168.10.254
 
Non-authoritative answer:
Name:    www.dslreports.com
Address:  209.123.109.175
 


If you would like to investigate the matter further, I would recommend trying the GRC DNS Benchmark Test and the GRC DNS Nameserver Spoofability Test. For my connection, the benchmark test usually puts the Comcast DNS servers in a tie position for second place with the Level3 4.2.2.x legacy Anycast DNS servers. My local servers (which ultimately forward external DNS queries to the Comcast servers) are of course always in first place (and OpenDNS is usually just an "also ran").
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

andyross
Premium,MVM
join:2003-05-04
Schaumburg, IL

It should be mentioned that some .gov sites have occasional issues. It's not Comcast's fault, though. The keys for the .gov sites are regularly updated, but they don't broadcast the proper TTL or something like that, so Comcast tries to use expired ones.



NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro

said by andyross:

It should be mentioned that some .gov sites have occasional issues. It's not Comcast's fault, though. The keys for the .gov sites are regularly updated, but they don't broadcast the proper TTL or something like that, so Comcast tries to use expired ones.

Yep, being on the leading edge (in this case strict adherence to DNSSEC) sometimes means being on the bleeding edge. I know that I had to make changes in some of my DNS records in order for DNSSEC servers (and Comcast's servers in particular) to properly resolve them.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:1

reply to andyross

said by andyross:

It should be mentioned that some .gov sites have occasional issues. It's not Comcast's fault, though. The keys for the .gov sites are regularly updated, but they don't broadcast the proper TTL or something like that, so Comcast tries to use expired ones.

Right on. See also section 5 of this doc -- »tools.ietf.org/html/draft-living···ection-5
--
JL
Comcast
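
One concrete form of the timing problem discussed in this thread, signed records whose published TTL outlasts the signature that covers them, as an added example that is not part of any post here and is not Comcast's resolver logic. It assumes the failure is a mismatch between the RRSIG validity window and the TTL; the record names, key tags and the clock value are constructed.

```python
from datetime import datetime, timezone

# Constructed RRSIG records in zone-file presentation format (not real data).
# Fields: owner TTL class RRSIG covered alg labels orig-TTL expiration
#         inception key-tag signer signature
SAMPLE_RRSIGS = """\
www.agency.example. 86400 IN RRSIG A 8 3 86400 20130620120000 20130610120000 12345 agency.example. c2lnMQ==
mail.agency.example. 3600 IN RRSIG A 8 3 3600 20130619000000 20130609000000 12345 agency.example. c2lnMg==
new.agency.example. 3600 IN RRSIG A 8 3 3600 20130701000000 20130621000000 54321 agency.example. c2lnMw==
api.agency.example. 3600 IN RRSIG A 8 3 3600 20130630000000 20130615000000 12345 agency.example. c2lnNA==
"""

def _ts(field):
    # RRSIG timestamps are written as YYYYMMDDHHmmSS in UTC (RFC 4034).
    return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def check_rrsig(line, now):
    """Classify one RRSIG line against the validation time `now`."""
    f = line.split()
    if len(f) < 13 or f[3] != "RRSIG":
        raise ValueError(f"not an RRSIG record: {line!r}")
    ttl, orig_ttl = int(f[1]), int(f[7])
    expiration, inception = _ts(f[8]), _ts(f[9])
    if now < inception:
        status = "not-yet-valid"
    elif now > expiration:
        status = "expired"
    else:
        status = "valid"
    remaining = int((expiration - now).total_seconds())
    # RFC 4035 section 5.3.3: a validator must not cache an authenticated
    # RRset longer than the time left until its signature expires.
    safe_ttl = min(ttl, orig_ttl, remaining) if status == "valid" else 0
    return {
        "owner": f[0],
        "key_tag": int(f[10]),
        "status": status,
        "safe_ttl": safe_ttl,
        # True when honouring the published TTL would outlast the signature.
        "ttl_outlives_signature": status == "valid" and ttl > remaining,
    }

def audit(text, now):
    return [check_rrsig(l, now) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    now = datetime(2013, 6, 20, 2, 0, 0, tzinfo=timezone.utc)  # constructed "now"
    for r in audit(SAMPLE_RRSIGS, now):
        print(r)
```

A zone operator can run the same check against their own signed zone before a key or signature rollover; any record flagged `ttl_outlives_signature` can still sit in caches after its signature has expired.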
