Why is Comcast blocking access to the FBI?
Well, not blocking per se, but failing the DNS resolution of fbi.gov.
I was reading this article over at Ars today about how a botnet had managed to change the DNS lookup servers on millions of machines and make a fortune. Interesting, but you know, malware, rinse, repeat.
But then I tried to follow a link to some notice over at FBI.gov. It didn’t work.
So I went digging. DNS lookup was failing. (Sounded familiar after the article!)
Comcast gives me two DNS servers via DHCP: 75.75.75.75 and 75.75.76.76. My co-consipator, also on Comcast but a lower-speed “plan” gets these DNS servers: 68.87.78.134 and 68.87.76.182. That’s 4 known Comcast DNS servers.
Three fail. Witness:
nslookup fbi.gov 75.75.75.75 Server: 75.75.75.75 Address: 75.75.75.75#53 ** server can't find fbi.gov: SERVFAILnslookup fbi.gov 75.75.76.76 Server: 75.75.76.76 Address: 75.75.76.76#53 ** server can't find fbi.gov: SERVFAILnslookup fbi.gov 68.87.78.134 Server: 68.87.78.134 Address: 68.87.78.134#53 ** server can't find fbi.gov: SERVFAIL
One works. For whatever reason.
nslookup fbi.gov 68.87.76.182 Server: 68.87.76.182 Address: 68.87.76.182#53 Non-authoritative answer: Name: fbi.gov Address: 209.251.178.99
Here’s Google:
nslookup fbi.gov 8.8.8.8 Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: fbi.gov Address: 209.251.178.99
dig, host, all yield similar.
Not the tin-foil hat type but this is bad. I don’t like fuckery in my DNS lookups.
WTF Comcast?
comments