Trouble accessing domains from Comcast and other ISP’s

Trouble accessing domains from Comcast and other ISP’s

On 5/12/2020, Domain Names using DNS Servers become intermittently inaccessible from Comcast internet connections. The root cause of this issue appears to be DNSSEC/EDNS compatibility between and Comcast, Time Warner, Charter, and other DNS Servers.

After initial testing, Comcast DNS Servers were responding with a “Servfail” error on affected domains, which means the domain exists but the authoritative DNS server( for that domain is giving an “invalid response”. Further digging indicated that the Comcast DNS Servers appears to be using DNSSEC/EDNS features that appears to not support. This incompatibility is most likely the cause of the “invalid response”.

Considering that either Comcast(and several other ISP’s) would have to downgrade their DNS servers or would need to upgrade theirs, AIS recommends moving DNS records to Amazon AWS Route53 because their DNS Servers support the latest DNS features and is the most robust DNS service.

The AIS Network Monitoring Service(NMS) includes Amazon AWS Route53 DNS hosting services for greater reliability and robust DNS health-check capabilities.


Share this post

Comment (1)

  • Avatar
    Eric Martin Reply

    AIS did a banner job in diagnosing this problem and coming up with a solution. Neither Comcast. nor Register understood or acknowledged the problem when we first noticed it on Tuesday. I spent many hours on fruitless support calls with them until AIS stepped in and figured it out. Thank guys!

    May 13, 2020 at 1:27 pm

Leave a comment

Your email address will not be published.