









[NMLUG] comcast customers
* Larry W. Wood <lwwoody@comcast.net> [Jun 05, 2004 at 12:53:31PM MDT]:
> The only problem I've experienced, and it occurs randomly (can be
> anytime of day or night), but not frequently (probably averages about
> once every two weeks), is what appears to be loss of DNS service.
> Can't connect to ANY web site. Error message states that the browser
> can't find the URL. The solution is: Wait about five minutes and try
> again. This has always worked.
>
> I just figured that Comcast was performing maintenance, modifying or
> updating their DNS servers. I don't know why both the primary and
> backup have to go down at the same time, though.
I see this (loss of DNS) as well. Sometimes up to once a week. If I'm
seeing it this much, it must be happening at an even greater frequency.

It doesn't seem to be total loss of DNS. What I mostly see is a
selective loss, where only certain host names, sometimes more, sometimes
less, fail to resolve. As far as I can tell, it's not that both the
primary and backup DNS servers go away, it's that one of them starts
returning bogus negative responses. With negative responses, i.e., host
"foo.bar.com does not exist", the server listed as your secondary DNS
server isn't even queried. For your resolver to query and then get an
answer from the secondary DNS server, the primary server would have to
be unresponsive. E.g., "connection refused" or "connection timed out".
Instead, the broken DNS server seems to be responding with bogus answers
that are wrong but correct protocol-wise.

This kind of behavior shouldn't happen during normal maintenance. I'd
say it's serious breakage and it pisses me off.

This is all just my somewhat well informed speculation at this point.
I've never really taken the time to produce 100% proof, but I might
generate such the next time it happens. Can anyone corroborate what I'm
speculating on?

I've come to this conclusion, based on the following procedure that I
have to go through every time I experience the breakage:
a) /etc/resolv.conf says:
nameserver 68.35.172.6
nameserver 68.35.172.5
b) I experience loss of name resolution
c) I flip primary and secondary DNS servers so /etc/resolv.conf says:
nameserver 68.35.172.5
nameserver 68.35.172.6
d) Name resolution works again
e) Time passes...
f) I experience loss of name resolution
g) I flip primary and secondary DNS servers so /etc/resolv.conf says:
nameserver 68.35.172.6
nameserver 68.35.172.5
h) Name resolution works again
i) ... etc., etc.

Of course I could just set up my own caching DNS server, as I've done in
the past, but it's a lot more fun to be pissed at the cable company's
inability to reliably get it done.

In case anyone's interested, Comcast's DNS servers seem to be running
BIND on Solaris. I don't follow BIND or Solaris anymore. Does anyone
know if these versions are up-to-date:
# ./fpdns-0.9.0 68.35.172.5
fingerprint (68.35.172.5, 68.35.172.5): BIND 8.2.2-P3 -- 8.3.0-T2A [recursion enabled]
# ./fpdns-0.9.0 68.35.172.6
fingerprint (68.35.172.6, 68.35.172.6): BIND 8.2.2-P3 -- 8.3.0-T2A [recursion enabled]
# nmap -O 68.35.172.5
PORT STATE SERVICE
53/tcp open domain
Running: Sun Solaris 2.X|7
OS details: Sun Solaris 2.6 - 7 with tcp_strong_iss=2
Uptime 82.607 days (since Sun Mar 14 23:08:15 2004)
# nmap -O 68.35.172.6
PORT STATE SERVICE
53/tcp open domain
Running: Sun Solaris 2.X|7
OS details: Sun Solaris 2.6 - 7 with tcp_strong_iss=2
Uptime 82.605 days (since Sun Mar 14 23:12:22 2004)
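
An added example, not part of the original message: a Python sketch that asks each server listed in /etc/resolv.conf directly and models why a bogus "does not exist" answer from the first server is never corrected by the second. The function names are hypothetical, and the failover model (NOERROR and NXDOMAIN end the lookup, while timeouts and SERVFAIL/NOTIMP/REFUSED move on to the next server) is an assumption based on common stub resolver behaviour.

```python
import socket
import struct

NOERROR, SERVFAIL, NXDOMAIN, NOTIMP, REFUSED = 0, 2, 3, 4, 5
TIMEOUT = None  # marker for "no usable reply at all"

def nameservers(resolv_conf_text):
    """Return nameserver addresses in the order the stub resolver tries them."""
    lines = (ln.split() for ln in resolv_conf_text.splitlines())
    return [p[1] for p in lines if len(p) >= 2 and p[0] == "nameserver"]

def build_query(name, qid=0x1234):
    """Encode a recursive A/IN query for `name`."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD bit set
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def rcode(response):
    """The low four bits of the header flags word are the response code."""
    return struct.unpack(">H", response[2:4])[0] & 0x000F

def ask(server, name, timeout=3.0):
    """Query one server directly over UDP; return its RCODE or TIMEOUT."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return rcode(s.recv(512))
        except (OSError, struct.error):
            return TIMEOUT

def stub_result(servers, answers):
    """Which server's verdict the stub resolver ends up using (assumed model)."""
    for srv in servers:
        rc = answers.get(srv, TIMEOUT)
        if rc in (NOERROR, NXDOMAIN):  # a definite answer ends the lookup
            return srv, rc
    return None, TIMEOUT  # every server timed out or returned an error

def suspects(answers):
    """Servers answering NXDOMAIN for a name that another server resolves."""
    if NOERROR not in answers.values():
        return []
    return sorted(s for s, rc in answers.items() if rc == NXDOMAIN)
```

Running `ask()` against each listed server for a failing host name during an outage and passing the collected codes to `suspects()` records which server, if any, is the one giving the negative answer.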