Today my gateway was replaced with a
root@infra:/etc/bind# nslookup www.comcast.com 1.2.3.4 Server: 1.2.3.4 Address: 1.2.3.4#53 Non-authoritative answer: www.comcast.com canonical name = www.comcast.com.edgekey.net. www.comcast.com.edgekey.net canonical name = e523.dscb.akamaiedge.net. Name: e523.dscb.akamaiedge.net Address: 23.45.1.143 root@infra:/etc/bind# nslookup www.comcast.com 4.5.6.7 Server: 4.5.6.7 Address: 4.5.6.7#53 Non-authoritative answer: www.comcast.com canonical name = www.comcast.com.edgekey.net. www.comcast.com.edgekey.net canonical name = e523.dscb.akamaiedge.net. Name: e523.dscb.akamaiedge.net Address: 23.45.1.143 root@infra:/etc/bind# nslookup www.comcast.com 9.8.7.6 Server: 9.8.7.6 Address: 9.8.7.6#53 Non-authoritative answer: www.comcast.com canonical name = www.comcast.com.edgekey.net. www.comcast.com.edgekey.net canonical name = e523.dscb.akamaiedge.net. Name: e523.dscb.akamaiedge.net Address: 23.45.1.143As it was not happening before, I'm assuming that it is a weird behavior from the gateway... it is configured in pass thru, firewall is disabled, wan dhcp is disabled, all rules are off... Is that a bug ? Am I missing some obvious button to disable that dreadful transparent proxying ?
Hi there GaelMartinez! Congratulations on the new gateway and thank you for taking the time to post your question about disabling the proxy! Have you already disabled the proxy settings on each connected device?
I will test in a bit, on the phone with another support tech, I did confirm that outbound port 53/tcp traffic does not reach its destination when portscanning between one of my servers directly plugged into the gateway and my remote server...
OK cool. I'll check back in with you later then!
Hello Ken
So after engineering looked at it, i was told it is not a comcast issue, "it is outside your boundaries for support"... it is an issue with my devices on the internet not recognizing my new modem....
Even if:
- the existing configuration worked for nearly 8 years until the modem was replaced...
- I can connect to various other servers on the internet on ports 48, 49, 50, 51,52,54,55,56 tcp but NOT 53 tcp/udp
- Looks like that new thingie Security Edge is definitively monitoring my dns traffic and cannot be turned off, the button is blocked ! I have my own security solution in place, I do not need comcast to restrict me like that...
- The fact that ANY ip on the internet does now appear as a valid functional DNS server when they should not !
- I'm impacted and cannot conduct my business as I did before 12/24 and had to rehost mail and dns servers to another location
- I cannot replace that gateway with my own without losing the static ips I have to avoid whatever firmware is impacting me
Thank you Comcast Business !... it is awesome to do business with you... I feel valued... not...
Hi! Thank you so much for providing this information and for your patience. I am sorry to learn that we have made you feel this way. We truly value you and are honored by your business. One option is seeing if we can find you a better bundle that does not include the Security Edge service. How does this sound?
Hello Gabe,
I would love that a lot.
Fantastic! You are awesome for bearing with me through this. What I recommend from here is to give our Loyalty team a call at (800) 391-3000. Our Loyalty department are a team of specialists who are dedicated to resolving package concerns such as this. How does this sound? What I would like to do from here is follow up with you on Monday to make sure you were able to receive a solution from our Loyalty team since I will be offline for the weekend.
Will call tomorrow, hope it solves my issue with the port 53 blockage...
Sounds good. I will be offline until Monday, 12/30/19 so I will make sure to follow up with you then to ensure that you receive a solution. In the meantime, please feel free to reach out for any additional questions or concerns. We team is here for you 24/7!
Hello Gabe
Called the loyalty team and was told they could not remove it as it was part of the current package i was moved into when I upgraded my bandwitdh... the issue is still present and now the security edge website throws an error at me when trying to connect to it ..
Hi there, I am so sorry to see that we have not yet reached a resolution with your concerns. I am so sorry for the delayed response and we do want to make sure that we can reach a resolution as quickly as possible and we can submit a request to look into this further for you. Can you please confirm the best contact number to reach you?
I seem to have the a similar problem and find myself increasingly annoyed as I discover all the problems with this router (CGA4131COM). What really bothers me is that I manually set my DNS, saved the settings..and they appeared to save as expected, yet, when I test those settings I find the DNS remain unchanged from default. I just got the router and this weekend was my first chance to learn about what I received. I started looking closer when I noticed problems with connection drops, which led to discovery of ipv6 issues... and on from there until I thought I was just going crazy.
Unfortunately I have court all day Monday but I will definitely need to speak to someone about rectifying the situation as soon as possible thereafter.
I would like to know how many of these routers were distributed to customers after significant issues were identified months ago? I hope I am just missing the solution thread and someone will point me to it real soon.
I would love to look further into your DNS concerns. Can you please reach out through private message with your first and last name, full service address and account number or phone number and we would love to assist at any time. You can always reach us here through the business forums or you can reach out at any time through 1-800-391-3000 if this is a more convenient option for you.
When I requested a speed upgrade to our Comcast Business account, I begged them not to include SecurityEdge, but they couldn't split it off. Several days ago the speed upgrage went beautifully, but at 3 am this morning Comcast apparently downloaded new modem firmware (I still can't login) and flipped on SecurityEdge. Our local DNS was rendered next to useless until I figured out what was going on and temporarily switched it to forwarding mode. Which by the way exposed a terrible performance latency that SecurityEdge causes in its less-than-transparently proxying (more like a man-in-the-middle DoS attack).
The Comcast CSRs were nice, and I eventually ran into one who agreed with me that SecurityEdge had to go. They escalated it up a tier and within a few hours it was disabled for the account. One I restored the original DNS config, everything worked perfectly. Comcast - please at least make SecurityEdge optional, or better yet, throw it back into the sewage.
Thank you so much for taking the time to reach out to us through our business forums regarding the security edge services. I very much appreciate your patience and greatly apologize for the delay in our response. I know how important the services are to your business and we want to do all that we can to assist.I would love to assist getting the security Edge services disabled for you. Can you please reach out through private message with your first and last name, full business service address and account number or phone number?
Hello Michelle, was your reponse for me ? I would still love to have that Edge service disabled as it is still blocking me from handling my secondary dns and blocks me from monitoring my other dns servers on the internet ... was told that I would have to pay more to get my service back and working as it was before due to the contract promotion...
Yes, that response was for you. I would love to dig further into your promotion and see what options we have to get that service removed for you. Can you please provide the requested account information through private message and we can get to the bottom of this for you.
Hello Michelle,
Getting the following message when trying to send you an email
I did send you all my info on 4/15 regarding my issue with disneyplus/bamgrid and unreliable location.. I will try again to send you a private message tomorrow if the system let me...
Thanks for reaching out again. I am sorry to hear that you are having an issue sending me a private message. I am going to send you one directly and you should be able to respond to that as well without issue.
Hi, Gael.
Baed upon the symptoms that you are describing, I suspect that I have become a victim of the same problem.
I upgraded my business service yesterday morning and since doing so all of my local DNS servers have been rendered useless. I am unable to resolve any external addresses for which my servers are not authoritative and see about a dozen FORMERR messages logged every 12 seconds or so in syslog.
Assuming that this is the same issue that you're experiencing, has there been any resolution yet?
Chris
Thanks so much for taking the time to reach out to us regarding your internet connection issues. I very much appreciate your patience and greatly apologize for the delay in our response. I know how important the services are to your business and we want to do all that we can to assist. I would love to get to the bottom of the DNS proxy issues. Can you please reach out through private message with your first and last name, business service address and account number or phone number?
@n0uk wrote:Hi, Gael.
Baed upon the symptoms that you are describing, I suspect that I have become a victim of the same problem.
I upgraded my business service yesterday morning and since doing so all of my local DNS servers have been rendered useless. I am unable to resolve any external addresses for which my servers are not authoritative and see about a dozen FORMERR messages logged every 12 seconds or so in syslog.
Assuming that this is the same issue that you're experiencing, has there been any resolution yet?
Chris
No Chris, as usual the case looped and went nowhere... I was sent back to a team to disable the
Security Edge, then that team prefered to send me back to the loyalty line that I tried already without success in the past as the Security Edge feature is part of the "promotion bundle I have" (note here: never i was told that this thing even when turned off was still breaking DNS)... the fix I was provided at the time was dropping the promotion and paying more ... to get the service back as before...
Hi there! Thanks so much for reaching out. You've absolutely reached the right place, and are in good hands. I will own this Issue for you and ensure that I provide the best help I can today. If I can look into this for you further, I'd like to see if I can troubleshoot this for you. Can you please send me a private note with the last four of the account number and/or last statement balance, your full name, phone number, and service address including city, state, and zip code?
@Comcast_Robert wrote:
Hi there! Thanks so much for reaching out. You've absolutely reached the right place, and are in good hands. I will own this Issue for you and ensure that I provide the best help I can today. If I can look into this for you further, I'd like to see if I can troubleshoot this for you. Can you please send me a private note with the last four of the account number and/or last statement balance, your full name, phone number, and service address including city, state, and zip code?
Hello Robert, I do not know if you were answering to Chris or myself...
In case, my info is
I appreciate your detailed reply. I apologize you are having trouble with your DNS servers. Let me take a closer look at your service in greater detail. Do you currently have any online access?
Hey Chris,
did you ever get a fix from comcast for that issue ? I did figure out a work around that I can share with you in private to go around that awful $@#$@#$ of transparent proxying on port 53 outbound...
Gael, can you share that solution here? I've just his the same darn issue and have yet to call and try and get it fixed, but it's crippling our ability to do anything. I hate it, and want SecurityEdge gone - it is not something I wanted, just something they threw at me. I'm also renting hardware which can't work with my IP ranges and is useless to me. I am not impressed with this "upgrade".
Hello, thanks for sharing your message and this experience. I am sorry you have had service trouble while having Security Edge. The last thing we want is for this service to cause this type of frustration. Are you able to send a private message so I can locate your account? I should be able to work with our business contacts to disable the feature and I will review all possibilities with you.
Hello, the very same thing happened to me--I got a service upgrade a few days ago, and with a modem swap, my manual DNS settings no longer work.
Is there a way to resolve this?
Thanks so much for taking the time to reach out to us regarding your DNS issues. I very much appreciate your patience and greatly apologize for the delay in our response. I know how important the services are to your business and we want to do all that we can to assist. I can only imagine how impactful this DNS Proxy issue is to your business and I would love to get to the bottom of this with you. Can you please reach out through private message with your first and last name, business service address and account number or phone number?