Welcome to Comcast DNS

This site provides you with the Comcast DNS server status, IP addresses, and troubleshooting tools. As part of our ongoing efforts to protect our customers and provide great security features, DNSSEC validation is now included as part of Comcast Constant Guard™ from Xfinity.

Subscribe to feed Latest Entries

Reports of Errors for the 021yy.org Domain

Posted by Comcast
Comcast
Comcast Corporation (Nasdaq: CMCSA, CMCSK) (www.comcast.com) is one of the world’s leading media, entertainmen...
User is currently offline
on March 13, 2014
in DNS News

Comcast saw reports on Slashdot of errors resolving the 021yy.org domain name. Upon investigation it appears the domain is improperly delegated to the authoritative servers for this domain (one of which is ns1.booen.com). Specifically if we query ns1.booen.com and ask for the SOA record, the answer does not say “021yy.org” in the authority section, but rather booen.com. This is a non-authoritative answer, which is not how an authoritative server should work. Furthermore, if we query ns1.booen.com and ask for the NS records for 021yy.org, the server gives an NXDOMAIN response, rather than the authoritative nameservers for the domain, which results in an incorrectly delegated and incorrectly configured zone.

So, in short, and contrary to claims made in Slashdot, Comcast is not blocking access to 021yy.org, and nothing is wrong with our DNS servers. Rather, we recommend that the authoritative DNS administrator work to fix their DNS records and work with their DNS server software vendor to make their server DNS protocol compliant. As a side note we recommend the domain owner increases the TTL on their A and AAAA RRs from just 60 seconds to enhance cache-ability. We’re happy to assist in that process if needed; just use our contact form on this website.

Tags: DNS News

dcma.mil is failing DNSSEC validation

Posted by Comcast
Comcast
Comcast Corporation (Nasdaq: CMCSA, CMCSK) (www.comcast.com) is one of the world’s leading media, entertainmen...
User is currently offline
on January 14, 2014
in DNSSEC News

dcma.mil is attempting to send a payload that exceeds their path MTU (between 1130 and 540 bytes). DNS resolvers may not be able to properly receive the DNSKEY RRset with its covering RRSIGs. 

Tags: DNSSEC

gov Failing DNSSEC Validation

Posted by Comcast
Comcast
Comcast Corporation (Nasdaq: CMCSA, CMCSK) (www.comcast.com) is one of the world’s leading media, entertainmen...
User is currently offline
on August 14, 2013
in DNSSEC News

The domain .gov is currently failing DNSSEC validation This is because the chain of trust within the gov domain is broken. The domain owners have been contacted and made aware of the issue. The DNSViz report of this failure can be found at http://dnsviz.net/d/gsa.gov/UguNUw/dnssec/

Tags: DNSSEC

GoDaddy Domain Resolution Issues on June 2, 2013

Posted by Comcast
Comcast
Comcast Corporation (Nasdaq: CMCSA, CMCSK) (www.comcast.com) is one of the world’s leading media, entertainmen...
User is currently offline
on June 05, 2013
in DNS News

Customers in our northern California and Utah markets reported sporadic DNS failures when looking up domain names hosted by GoDaddy. Working with GoDaddy we learned that queries from these parts of our network routed to a GoDaddy Anycast node that was experiencing technical issues that caused our queries to timeout, while queries from other parts of our network were answered normally. GoDaddy made some Anycast changes and DNS resolution for our customers returned to normal.

Tags: DNS News

flyinggiants.com Failing DNSSEC Validation

Posted by Comcast
Comcast
Comcast Corporation (Nasdaq: CMCSA, CMCSK) (www.comcast.com) is one of the world’s leading media, entertainmen...
User is currently offline
on May 29, 2013
in DNSSEC News

The domain flyinggiants.com is currently failing DNSSEC validation. This is because RRSIG records in the domain are expired. The domain owners have been contacted and made aware of the issue. The DNSViz report of this failure can be found at http://dnsviz.net/d/flyinggiants.com/UaYVFQ/dnssec/.

 
Tags: DNSSEC

Some Netgear Routers Causing Flood of DNS Queries

Posted by Comcast
Comcast
Comcast Corporation (Nasdaq: CMCSA, CMCSK) (www.comcast.com) is one of the world’s leading media, entertainmen...
User is currently offline
on May 20, 2013
in DNS News

We have noticed that certain Netgear routers with older firmware are performing DNS queries for the names of Netgear NTP servers at a rapid rate, which we initially thought was a DDOS attack on our DNS recursive resolvers.  This seems to occur when a cable modem is reset. The router firmware bug can cause a single router to query at rates of thousands per second (millions per day) and impact that customer’s experience by flooding their connection until the router is reset. The DNS records being queried are: time-a.netgear.com, time-b.netgear.com, time-c.netgear.com

Netgear has confirmed the firmware bug and recommends the end users update their device’s firmware to the latest build for the impacted devices. The following links provide specific instructions on upgrading:

WNDR4500: http://support.netgear.com/product/wndr4500
WNR3500Lv2: http://support.netgear.com/product/wnr3500lv2

If anyone needs help upgrading or has additional questions, they can contact Netgear directly at (888)NETGEAR. They are aware of the issue and ready to assist customers.

Tags: DNS News

www.bncr.fi.cr Failing DNSSEC Validation

Posted by Comcast
Comcast
Comcast Corporation (Nasdaq: CMCSA, CMCSK) (www.comcast.com) is one of the world’s leading media, entertainmen...
User is currently offline
on April 30, 2013
in DNSSEC News

The domain bncr.fi.cr is currently failing DNSSEC validation. This is because several RRSIG records in the domain are invalid, including www.bncr.fi.cr. The domain owners have been contacted and made aware of the issue. The DNSViz report of this failure can be found at http://dnsviz.net/d/www.bncr.fi.cr/UX_OqQ/dnssec/.

Tags: DNSSEC

vsp.virginia.gov Failing DNSSEC Validation

Posted by Comcast
Comcast
Comcast Corporation (Nasdaq: CMCSA, CMCSK) (www.comcast.com) is one of the world’s leading media, entertainmen...
User is currently offline
on April 11, 2013
in DNSSEC News

The domain vsp.virginia.gov is currently failing DNSSEC validation. This is because DNSKEYs are expired. The domain owners have been contacted and made aware of the issue. The DNSViz report of this failure can be found at http://dnsviz.net/d/vsp.virginia.gov/UWb1Yg/dnssec/.

Tags: DNSSEC

energystar.gov Failing DNSSEC Validation

Posted by Comcast
Comcast
Comcast Corporation (Nasdaq: CMCSA, CMCSK) (www.comcast.com) is one of the world’s leading media, entertainmen...
User is currently offline
on April 11, 2013
in DNSSEC News

The domain energystar.gov is currently failing DNSSEC validation. This is because the domain has a published DS record that does not match any DNSKEY record. The domain owners have been contacted and made aware of the issue. The DNSViz report of this failure can be found at http://dnsviz.net/d/energystar.gov/UWbUKg/dnssec/.

Tags: DNSSEC

bncr.fi.cr Failing DNSSEC Validation

Posted by Comcast
Comcast
Comcast Corporation (Nasdaq: CMCSA, CMCSK) (www.comcast.com) is one of the world’s leading media, entertainmen...
User is currently offline
on April 11, 2013
in DNSSEC News

The domain bncr.fi.cr is currently failing DNSSEC validation. This is because the RRSIG and DNSKEY do not validate records in the domain. The domain owners have been contacted and made aware of the issue. The DNSViz report of this failure can be found at http://dnsviz.net/d/bncr.fi.cr/UWbGQA/dnssec/.

Tags: DNSSEC
This 
server cluster is functioning properly.This server cluster is functioning 
properly.
RSS Feed
Share this page on the social networks