Why must Comcast's DNS suck?

Ben Scott dragonhawk at gmail.com
Tue Nov 14 11:37:57 EST 2006


On 11/14/06, Paul Lussier <p.lussier at comcast.net> wrote:
> Nope.  The two I can remember off hand are:
>
>   www.evangelicaloutpost.com[1]
>   www.shamusyoung.com[2]

  FWIW: I just ssh'ed into my home system and checked those two names
against the two Comcast DNS servers present in my /etc/resolv.conf,
and everything appeared to resolve fine.

> Both result in 'not found' errors from home:
>
>   $ host www.evangelicaloutpost.com
>   Host www.evangelicaloutpost.com not found: 2(SERVFAIL)

  Hmmm, SERVFAIL is more than just a simple "not found", it means
"something is actively broken".  I have seen nameservers give that
response when you attempt to send a recursive query to a nameserver
configured to refuse connections or recursion.  But it can also
originate from a broken authoritative server or a lame delegation.

>   $ cat /etc/resolv.conf
>   search hsd1.ma.comcast.net.
>   nameserver 24.34.240.9
>   nameserver 24.34.241.9
>   nameserver 68.87.64.196

  Those reverse to:

24.34.240.9	chlm2-pdns-tmp.chelmsfdrdc2.ma.boston.comcast.net.
24.34.241.9	chlm2-2dns-tmp.chelmsfdrdc2.ma.boston.comcast.net.
68.87.64.196	ns.inflow.pa.bo.comcast.net.

  Note the "-tmp" in those first two names.  Meanwhile, I have these, from DHCP:

68.87.71.226	cns.chelmsfdrdc2.ma.boston.comcast.net.
68.87.73.242	cns.manassaspr.va.dc02.comcast.net.

  At a guess, it looks like you have stale entries in your resolv.conf file.

> I think they're managed via DHCP.

  You might want to make sure of that.  :-)

  Of course, as others suggested, setting up your own local,
full-service, recursive resolver is probably a good idea, too.

-- Ben

