My DNS service stopped working on March 22, 2023 — my Comcast server sees my primary DNS as non-authoritative?!
I'm wondering whether this is me or Comcast "tampering" with my DNS packets.
From my computer connected through Comcast, when I try:
`dig @ns1.m2osw.com best-gamblers.games`
The response is NON-AUTHORITATIVE, the "aa" flag is missing:
`;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1`
When I try the exact same `dig` command from any other server, it works as expected. My DNS ns1.m2osw.com is clearly authoritative (the aa flag is set):
`;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1`
Is Comcast removing the "aa" flag from UDP packets before they reach my server at my business?! Why would there be such a difference between my Comcast-connected computer and any other computer?
12 days ago
Hello @Alexis_W! Thank you for reaching out on our business forum. Can you tell me what troubleshooting steps you've tried? Typically, resetting the modem and checking firewall settings may help.
12 days ago
Everything else works. If you want to see more details, I have a post on Stackoverflow: https://serverfault.com/questions/1127083/all-of-my-dns-zones-do-not-make-it-on-the-slave-what-is-wrong
Clearly, my firewall is not an issue (my firewall would not change the "aa" flag) and unless Comcast changed something in the router we are using or somewhere else, it should work the same as it did before March 22. I've already spent 3 days total on it, I'm pretty convinced that the last possibility is that Comcast added something to my account whenever I had a new bundle added.
The symptoms sound very similar to what I see on this post: https://forums.businesshelp.comcast.com/conversations/domain-namesstatic-ip/transparent-dns-proxying-started-after-a-modem-swap/5fe0a629c5375f08cd95b75b
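
An added example, not part of the thread: a small Python decoder for the 12-byte DNS header that reproduces the two `dig` flag lines quoted above and classifies each reply. The two packets are constructed from the flags and counts shown in the thread (the transaction ID is arbitrary), and the `assess` labels are this example's own heuristic: a reply carrying `ra` but not `aa` is what a recursive resolver returns, not what a zone's own server returns.

```python
import struct

# Bits of the 16-bit DNS header flags field (RFC 1035; AD/CD from RFC 4035),
# listed in the order dig prints them.
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200), ("rd", 0x0100),
             ("ra", 0x0080), ("ad", 0x0020), ("cd", 0x0010)]

def parse_header(packet: bytes) -> dict:
    """Decode the fixed 12-byte DNS header at the start of a message."""
    if len(packet) < 12:
        raise ValueError("DNS header is 12 bytes; packet too short")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    return {"id": txid,
            "flags": [name for name, bit in FLAG_BITS if flags & bit],
            "rcode": flags & 0x000F,
            "query": qd, "answer": an, "authority": ns, "additional": ar}

def dig_flags(packet: bytes) -> str:
    """Render the flags the way dig's ';; flags:' line does."""
    return " ".join(parse_header(packet)["flags"])

def assess(packet: bytes) -> str:
    """Classify a reply from a server that is expected to be authoritative."""
    h = parse_header(packet)
    if "qr" not in h["flags"]:
        return "not-a-response"
    if "aa" in h["flags"]:
        return "authoritative"
    if "ra" in h["flags"] and h["answer"] > 0:
        # Heuristic (assumption of this example): an answer with recursion
        # available but no authority bit looks like a resolver's reply.
        return "looks-recursive"
    return "non-authoritative"

# Constructed headers matching the two dig outputs quoted in the thread:
# QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
VIA_COMCAST = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 1)  # qr rd ra
ELSEWHERE = struct.pack("!6H", 0x1234, 0x8500, 1, 1, 0, 1)    # qr aa rd

if __name__ == "__main__":
    for label, pkt in (("via Comcast", VIA_COMCAST), ("elsewhere", ELSEWHERE)):
        print(f"{label:12} flags: {dig_flags(pkt):10} -> {assess(pkt)}")
```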