Comcast public-facing DNS servers unreachable
Looks like Comcast's public-facing DNS servers aren't responsive. MXToolbox and a couple other DNS-related sites confirm this, but a simple dig +trace is sufficient as well. $ dig +trace pop3.comcast.net {snipping for brevity} ;; Received 1173 bytes from 192.203.230.10#53(e.root-servers.net) in 11 ms comcast.net. 172800 IN NS dns101.comcast.net. comcast.net. 172800 IN NS dns102.comcast.net. comcast.net. 172800 IN NS dns103.comcast.net. comcast.net. 172800 IN NS dns104.comcast.net. comcast.net. 172800 IN NS dns105.comcast.net. comcast.net. 86400 IN DS 40909 5 2 30C0F50E68DCC9A2F279A994C07CF22CED97AADF44C2B1FE38A1B32B A1A34174 comcast.net. 86400 IN DS 40909 5 1 DDC19733884EE533B35B4B57717BEA9B0EF2C4D1 comcast.net. 86400 IN RRSIG DS 8 2 86400 20230404061502 20230328050502 27254 net. btO4iRmoCjqgYlgZPCORiX7soM6Twg610wTSCdD/sxizsoLoWeB+vBXY mChMJmrhGenkhJroQoriY1FyMDl4EvcTyKRDYG3c8HL0p8ILo4kJAOWi CSAt/qB76i21+8SmLsvhE0bPuUUQQXv69vfDfjxxYVsAbbMGfTLvHNJT BX3B6CrqNzXARN2dpDaUsb/8r3i0ve9byu/Sur2vZIYjwg== couldn't get address for 'dns101.comcast.net': not found couldn't get address for 'dns102.comcast.net': not found couldn't get address for 'dns103.comcast.net': not found couldn't get address for 'dns104.comcast.net': not found ;; Received 649 bytes from 192.48.79.30#53(j.gtld-servers.net) in 15 ms -- | Jeremy Chadwick jdc_at_koitsu.org | | UNIX Systems Administrator PGP 0x2A389531 | | Making life hard for others since 1977. |
outages> Looks like Comcast's public-facing DNS servers aren't outages> responsive. [...] outages> comcast.net. 172800 IN NS dns101.comcast.net. outages> comcast.net. 172800 IN NS dns102.comcast.net. outages> comcast.net. 172800 IN NS dns103.comcast.net. outages> comcast.net. 172800 IN NS dns104.comcast.net. outages> comcast.net. 172800 IN NS dns105.comcast.net. These are their auth servers, including for comcast.net. Confirmed the IPs for them are pingable but they time out for any DNS query. The comcast recursive servers at 75.75.75.75 are still working but SERVFAIL for queries that ask dns10x.comcast.net.
Thanks Paul! I chose my words poorly. I should have said authoritative NSes. This affects comcast.com, xfinity.com, and xfinity.net as well as comcast.net as I originally reported. Unsure of any other domains. -- | Jeremy Chadwick jdc_at_koitsu.org | | UNIX Systems Administrator PGP 0x2A389531 | | Making life hard for others since 1977. | On Thu, Mar 30, 2023 at 10:14:44PM -0600, Paul Ebersman via Outages wrote:
outages> Looks like Comcast's public-facing DNS servers aren't outages> responsive. [...] outages> comcast.net. 172800 IN NS dns101.comcast.net. outages> comcast.net. 172800 IN NS dns102.comcast.net. outages> comcast.net. 172800 IN NS dns103.comcast.net. outages> comcast.net. 172800 IN NS dns104.comcast.net. outages> comcast.net. 172800 IN NS dns105.comcast.net.
These are their auth servers, including for comcast.net. Confirmed the IPs for them are pingable but they time out for any DNS query.
The comcast recursive servers at 75.75.75.75 are still working but SERVFAIL for queries that ask dns10x.comcast.net. _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
outages> This affects comcast.com, xfinity.com, and xfinity.net as well outages> as comcast.net as I originally reported. Unsure of any other outages> domains. Comcast does it's own auth for any of it's direct services, so all domains related to those. nbcuniversal.com is on akamai, so unaffected. the DNS team used to monitor @comcastdns on twitter, not sure if that's still the case.
DNS Water torture http://www.e-ontap.com/dns/todaydown.txt 3416 0.1.0.6.2.ip6.arpa. Mar 31 12:55:46 - Mar 31 13:59:11 % dnsq ns 0.1.0.6.2.ip6.arpa z.arin.net. 2 0.1.0.6.2.ip6.arpa: 152 bytes, 1+0+5+0 records, response, noerror query: 2 0.1.0.6.2.ip6.arpa authority: 0.1.0.6.2.ip6.arpa 86400 NS dns101.comcast.net authority: 0.1.0.6.2.ip6.arpa 86400 NS dns103.comcast.net authority: 0.1.0.6.2.ip6.arpa 86400 NS dns105.comcast.net authority: 0.1.0.6.2.ip6.arpa 86400 NS dns102.comcast.net authority: 0.1.0.6.2.ip6.arpa 86400 NS dns104.comcast.net On Thu, 30 Mar 2023 22:36:49 -0600 Paul Ebersman via Outages <outages@outages.org> wrote:
outages> This affects comcast.com, xfinity.com, and xfinity.net as well outages> as comcast.net as I originally reported. Unsure of any other outages> domains.
Comcast does it's own auth for any of it's direct services, so all domains related to those. nbcuniversal.com is on akamai, so unaffected.
the DNS team used to monitor @comcastdns on twitter, not sure if that's still the case. _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
-- T.Suzuki / E.F.シューマッハーとI.イリイチを読もう
participants (3)
-
Jeremy Chadwick -
Paul Ebersman -
T.Suzuki