DNS Resolution Issues


On 5/12/2020, domain names using register.com DNS servers became intermittently inaccessible from Comcast internet connections. The root cause of this issue appears to be a lack of DNSSEC and EDNS support by the register.com DNS servers. To resolve this issue, AIS recommends using Amazon AWS Route53 DNS hosting services, which are included as part of the AIS Network Monitoring Service (NMS).

Initial testing showed that Comcast DNS servers were responding with a SERVFAIL error on affected domains, which means the domain exists but the authoritative DNS server (register.com) for that domain is giving an invalid response. Further digging indicated that the Comcast DNS servers appear to be using DNSSEC and EDNS features that register.com appears not to support. This incompatibility is most likely the cause of the invalid response.
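One way to check how an authoritative server treats an EDNS query with the DNSSEC OK (DO) bit set, as an added example that is not part of the original article. The function names are hypothetical and the offline sample replies are constructed; only the Python standard library is used.

```python
import socket
import struct

OPT = 41  # EDNS0 pseudo-record type (RFC 6891)

def build_query(name, edns=True, qid=0x1234):
    """Encode an A/IN query; with edns=True add an OPT record with the DO bit set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    msg = struct.pack("!6H", qid, 0x0100, 1, 0, 0, int(edns)) + qname + struct.pack("!HH", 1, 1)
    if edns:  # root owner name, type OPT, 1232-byte UDP size, DO flag, no options
        msg += b"\x00" + struct.pack("!HHIH", OPT, 1232, 0x8000, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def classify(resp):
    """Classify how a server treated an EDNS query, from its raw response."""
    _, flags, qd, an, ns, ar = struct.unpack("!6H", resp[:12])
    off, has_opt = 12, False
    for _ in range(qd):
        off = skip_name(resp, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(resp, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        has_opt |= rtype == OPT
        off += 10 + rdlen
    rcode = flags & 0xF
    if rcode == 0:  # NOERROR: a reply without OPT means the server ignored EDNS
        return "edns-ok" if has_opt else "edns-ignored"
    return "edns-rejected" if rcode in (1, 4) else f"rcode-{rcode}"  # FORMERR/NOTIMP

def probe(server, name, timeout=3.0):
    """Send the EDNS query to one authoritative server over UDP and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify(s.recvfrom(4096)[0])

def sample_response(rcode, echo_opt):
    """Constructed reply for offline use: the query with QR/AA set and a chosen RCODE."""
    q = bytearray(build_query("example.com", edns=echo_opt))
    q[2:4] = struct.pack("!H", 0x8400 | rcode)
    return bytes(q)
```

Calling `probe()` with the IP address of a domain's authoritative server runs the same classification against a live server; a socket timeout there means the EDNS query got no reply at all.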

Considering that either Comcast would have to downgrade their DNS servers or register.com would need to upgrade theirs, AIS recommends moving DNS records to Amazon Route53 because its DNS servers support the latest DNS features and it is the most robust DNS service.

The AIS Network Monitoring Service (NMS) includes Amazon AWS Route53 DNS hosting services for greater reliability and robust DNS health-check capabilities.

Domain name ownership, DNS ownership, and web hosting are all mutually exclusive. DNS has one job: you give it a name, and it replies with an IP address. If a trace is able to start, then DNS did its job. Most traces fail because ICMP, which tracert uses to do its job, is blocked.

Last modified April 30, 2021