
New Contributor


6 Messages

Sunday, May 21st, 2023 8:09 PM

My DNS service stopped working on March 22, 2023 — my Comcast server sees my primary DNS as non-authoritative?!

I'm wondering whether this is me or Comcast "tampering" with my DNS packets.

From my computer connected through Comcast, when I try:

dig @ns1.m2osw.com best-gamblers.games

The response is NON-AUTHORITATIVE, the "aa" flag is missing:

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

When I try the exact same `dig` command from any other server, it works as expected. My DNS ns1.m2osw.com is clearly authoritative (the aa flag is set):

;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

Is Comcast removing the "aa" flag from UDP packets before they reach my server at my business?! Why would there be such a difference between my Comcast-connected computer and any other computer?
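The comparison described in the post above (query the authoritative server directly, then look for the "aa" flag in the reply), as an added example that is not part of the original post. The function names and the two raw 12-byte headers are constructed for illustration; the two `dig` flag lines are the ones quoted in the post.

```python
import re
import struct

# Flag bits in the 16-bit flags word of the DNS header (RFC 1035, section 4.1.1).
FLAG_BITS = {"qr": 0x8000, "aa": 0x0400, "tc": 0x0200, "rd": 0x0100, "ra": 0x0080}

def flags_from_header(packet: bytes) -> set:
    """Decode flag names from the header of a raw DNS message."""
    if len(packet) < 12:
        raise ValueError("a DNS header is 12 bytes long")
    _msg_id, word = struct.unpack("!HH", packet[:4])
    return {name for name, bit in FLAG_BITS.items() if word & bit}

def flags_from_dig(output: str) -> set:
    """Extract flag names from the ';; flags: ...;' line of dig output."""
    match = re.search(r"^;; flags:([a-z ]*);", output, re.MULTILINE)
    if match is None:
        raise ValueError("no ';; flags:' line found")
    return set(match.group(1).split())

def classify(flags: set) -> str:
    """Interpret a reply to a query sent straight to the zone's own name server."""
    if "qr" not in flags:
        return "not-a-response"
    if "aa" in flags:
        return "authoritative"
    if "ra" in flags:
        # No AA but recursion offered: the answer came from a recursive
        # resolver (cache or forwarder), not from the zone's own data.
        return "answered-by-recursive-resolver"
    return "non-authoritative"

# The two flag lines quoted in the post.
VIA_COMCAST = ";; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1"
VIA_OTHER = ";; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1"
# Constructed 12-byte headers carrying the same flags (ID 0x1234 is arbitrary).
HDR_NO_AA = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 1)
HDR_AA = struct.pack("!6H", 0x1234, 0x8500, 1, 1, 0, 1)

if __name__ == "__main__":
    samples = [("dig via Comcast", flags_from_dig(VIA_COMCAST)),
               ("dig via other host", flags_from_dig(VIA_OTHER)),
               ("raw header, no AA", flags_from_header(HDR_NO_AA)),
               ("raw header, AA", flags_from_header(HDR_AA))]
    for label, flags in samples:
        print(f"{label:20} {sorted(flags)} -> {classify(flags)}")
```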

Contributor


17 Messages

1 year ago

Hello @Alexis_W! Thank you for reaching out on our business forum. Can you tell me what troubleshooting steps you've tried? Typically, resetting the modem and checking firewall settings may help.


New Contributor


6 Messages

1 year ago

Everything else works. If you want to see more details, I have a post on Stackoverflow: https://serverfault.com/questions/1127083/all-of-my-dns-zones-do-not-make-it-on-the-slave-what-is-wrong

Clearly, my firewall is not an issue (my firewall would not change the "aa" flag) and unless Comcast changed something in the router we are using or somewhere else, it should work the same as it did before March 22. I've already spent 3 days total on it; I'm pretty convinced that the last possibility is that Comcast added something to my account whenever I had a new bundle added.

The symptoms sound very similar to what I see on this post: https://forums.businesshelp.comcast.com/conversations/domain-namesstatic-ip/transparent-dns-proxying-started-after-a-modem-swap/5fe0a629c5375f08cd95b75b

Contributor


15 Messages

Thank you, we will be happy to schedule a free technician visit to ensure all your services are working to your expectations. Can you go to a peer-to-peer message, please?

I no longer work at Comcast.

New Contributor


6 Messages

Hi Xavier,

Do you mean direct messaging? It looks like I can't send you messages on there. When I put your name in the "To: ..." box, it gets erased when I click somewhere else and you do not appear in the dropdown list.

Contributor


15 Messages

Correct!


New Contributor


6 Messages

So you understand that I can't message you, right?

What's next? Can you start the conversation? Can I contact someone else? (I also don't see Comcast_Jennifer)

Contributor


15 Messages

Could you please send our team a direct message with your full name and full address? Our team can most definitely take a further look at this issue. To send a "Peer to peer" ("Private") message:
• Click "Sign In" if necessary
• Click the "Peer to peer chat" icon
• Click the "New message" (pencil and paper) icon
• Type "Xfinity Support" in the "To:" line and select "Xfinity Support" from the drop-down list which appears. The "Xfinity Support" graphic replaces the "To:" line
• Type your message in the text area near the bottom of the window
• Press Enter to send it
