Finally - ask.org TLD who is NS for 021yy.org. They say ns2.booen.com. Ask ns2.booen.com who is NS for 021yy.org and they say NXDOMAIN. Perhaps you have no NS records in your auth servers...
Also, something is wrong with your authoritative servers. You should be able to run this command - let's do it against Google DNS - and get a response.
Compare: dig @8.8.8.8 021yy.org ns
(returns NXDOMAIN)
To: dig @8.8.8.8 slashdot.org ns
(returns NOERROR and gives IPs for auth NS)
So, let's try that again. Tell your auth DNS admin to increase the TTL on the A record for www.021yy.org. It should be much more than 60 seconds if your auth server is in China.
Hi - Jason from Comcast's DNS team here. First off, we have a nifty website @ http://dns.comcast.net/ where you can check our cache and find a form to contact us directly.
Let's breakdown the issues with www.021yy.org.
1 - Sub-optimal TTL: The DNS admin is not doing themselves any favors; the TTL for www.021yy.org seems to be set to 60 seconds. That will cause recursion every 60 seconds or less from US-based DNS servers to authoritative servers in China. I recommend a more industry standard TTL to enhance cacheability of these records and minimize global recursions at this frequency. I would suggest no less that 5 minutes (300 seconds in the DNS record) or even as much as 1 hour which is usually fine (3600).
2 - Auth servers seem to be in China? If you expect many users of www.021yy.org in the US, you may want to add at least one authoritative name server in the US so that when recursion does need to occur that it is faster than US-to-China transit time.
3 - Are the auth servers responsive? I get NXDOMAIN responses when asking several recursive servers, such as Google's.
Macintosh-3:~ jason$ dig @8.8.8.8 021yy.org ns
; > DiG 9.8.3-P1 > @8.8.8.8 021yy.org ns
; (1 server found);; global options: +cmd;; Got answer:;; ->>HEADER> DiG 9.8.3-P1 > @8.8.8.8 slashdot.org ns
; (1 server found);; global options: +cmd;; Got answer:;; ->>HEADER- opcode: QUERY, status: NOERROR, id: 26387;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0;; QUESTION SECTION:;slashdot.org. IN NS;; ANSWER SECTION:
slashdot.org. 19088 IN NS ns2.p03.dynect.net.
slashdot.org. 19088 IN NS ns4.p03.dynect.net.
slashdot.org. 19088 IN NS ns1.p03.dynect.net.
slashdot.org. 19088 IN NS ns3.p03.dynect.net.;; Query time: 17 msec;; SERVER: 8.8.8.8#53(8.8.8.8);; WHEN: Tue Mar 11 17:42:38 2014;; MSG SIZE rcvd: 116
In any case, we're flushing our cache right now just in case but I am not sure that will solve a deeper DNS issue with the authoritative DNS service for this domain.
You can buy Earthlink broadband that uses Comcast's network as the transport, which seems to be the case here. Not Comcast's network decision making or DNS.
This information is false, we do not intercept port 53 traffic. The author of the linked blog should post their complete nslookup results, not the edited text they have posted. We'd also like to know what NAT is being used (some of those proxy DNS in odd ways).
Jason
Comcast National Engineering & Technical Operations
Slashdot Mirror
http://dns.comcast.net/index.p...
Flushing the cache for that name across all servers to see if it helps...
Ok - now that auth server is responding normally again. Perhaps an intermittent error?
Finally - ask .org TLD who is NS for 021yy.org. They say ns2.booen.com. Ask ns2.booen.com who is NS for 021yy.org and they say NXDOMAIN. Perhaps you have no NS records in your auth servers...
Also, something is wrong with your authoritative servers. You should be able to run this command - let's do it against Google DNS - and get a response. Compare: dig @8.8.8.8 021yy.org ns (returns NXDOMAIN) To: dig @8.8.8.8 slashdot.org ns (returns NOERROR and gives IPs for auth NS)
So, let's try that again. Tell your auth DNS admin to increase the TTL on the A record for www.021yy.org. It should be much more than 60 seconds if your auth server is in China.
What is the authoritative NS for 021yy.org?
Except if the problem is the authoritative servers....
ok - that formatting is terrible...
Hi - Jason from Comcast's DNS team here. First off, we have a nifty website @ http://dns.comcast.net/ where you can check our cache and find a form to contact us directly. Let's breakdown the issues with www.021yy.org. 1 - Sub-optimal TTL: The DNS admin is not doing themselves any favors; the TTL for www.021yy.org seems to be set to 60 seconds. That will cause recursion every 60 seconds or less from US-based DNS servers to authoritative servers in China. I recommend a more industry standard TTL to enhance cacheability of these records and minimize global recursions at this frequency. I would suggest no less that 5 minutes (300 seconds in the DNS record) or even as much as 1 hour which is usually fine (3600). 2 - Auth servers seem to be in China? If you expect many users of www.021yy.org in the US, you may want to add at least one authoritative name server in the US so that when recursion does need to occur that it is faster than US-to-China transit time. 3 - Are the auth servers responsive? I get NXDOMAIN responses when asking several recursive servers, such as Google's. Macintosh-3:~ jason$ dig @8.8.8.8 021yy.org ns ; > DiG 9.8.3-P1 > @8.8.8.8 021yy.org ns ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER> DiG 9.8.3-P1 > @8.8.8.8 slashdot.org ns
; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER- opcode: QUERY, status: NOERROR, id: 26387 ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;slashdot.org. IN NS ;; ANSWER SECTION:
slashdot.org. 19088 IN NS ns2.p03.dynect.net.
slashdot.org. 19088 IN NS ns4.p03.dynect.net.
slashdot.org. 19088 IN NS ns1.p03.dynect.net.
slashdot.org. 19088 IN NS ns3.p03.dynect.net. ;; Query time: 17 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Tue Mar 11 17:42:38 2014 ;; MSG SIZE rcvd: 116
In any case, we're flushing our cache right now just in case but I am not sure that will solve a deeper DNS issue with the authoritative DNS service for this domain.
http://www.multichannel.com/blog/BIT_RATE/30860-Cable_Ops_Didn_t_Fund_Research_Into_BitTorrent_Tracker.php Speaks for itself
First off, port 53 is NOT being redirected. Use your choice of port 53 provider - whether your own DNS, Level 3, OpenDNS, whatever. As for how it works, check out http://networkmanagement.comcast.net/DomainHelperLogic.htm and http://tools.ietf.org/html/draft-livingood-dns-redirect-00 for the precise details. The second document is a complete technical description.
It was not down then and it's not down now. You need to be on the Comcast network to access it.
You can buy Earthlink broadband that uses Comcast's network as the transport, which seems to be the case here. Not Comcast's network decision making or DNS.
This information is false, we do not intercept port 53 traffic. The author of the linked blog should post their complete nslookup results, not the edited text they have posted. We'd also like to know what NAT is being used (some of those proxy DNS in odd ways). Jason Comcast National Engineering & Technical Operations