Trouble accessing Register.com domains from Comcast and other ISP’s

On 5/12/2020, Domain Names using register.com DNS Servers become intermittently inaccessible from Comcast internet connections. The root cause of this issue appears to be DNSSEC/EDNS compatibility between register.com and Comcast, Time Warner, Charter, and other DNS Servers.

After initial testing, Comcast DNS Servers were responding with a “Servfail” error on affected domains, which means the domain exists but the authoritative DNS server(register.com) for that domain is giving an “invalid response”. Further digging indicated that the Comcast DNS Servers appears to be using DNSSEC/EDNS features that register.com appears to not support. This incompatibility is most likely the cause of the “invalid response”.

Considering that either Comcast(and several other ISP’s) would have to downgrade their DNS servers or register.com would need to upgrade theirs, AIS recommends moving DNS records to Amazon AWS Route53 because their DNS Servers support the latest DNS features and is the most robust DNS service.

The AIS Network Monitoring Service(NMS) includes Amazon AWS Route53 DNS hosting services for greater reliability and robust DNS health-check capabilities.