[sf-lug] (forw) Re: (forw) Trouble ticket # CR109553011 diagnostic data
Rick Moen
rick at linuxmafia.com
Sun Sep 24 16:43:08 PDT 2023
----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----
Date: Sun, 24 Sep 2023 16:42:13 -0700
From: Rick Moen <rick at linuxmafia.com>
To: Nick Varela <Nick_Varela at cable.comcast.com>
Subject: Re: (forw) Trouble ticket # CR109553011 diagnostic data
Organization: If you lived here, you'd be $HOME already.
Mr. Varela, happily, the problem was resolved, this morning, by "Shawa"
in Denver. I thought you would want to know brief details.
After trying a couple of other things, Shawna noticed a Comcast product
called "SecurityEdge"
(https://business.comcast.com/learn/internet/security-edge) was active
in our customer account. For what it's worth, we customers had not
requested said product, and were unaware it had been added..
With my blessing, Shawna disabled SecurityEdge. I was immediately able
to verify that DNS now works correctly. Problem resolved.
Comcast Business may be unaware that SecurityEdge breaks authoritative
DNS (among other adverse effects). My records show that the breakage
occurred between Sep 20 22:53:59 and Sep 21 02:46:47, which matches the
maintenance window for Comcast-initiated firmware upgrades to customer
gateway boxes. So, best guess, Comcast pushed out a firmware upgrade at
midnight Thursday that altered DNS traffic routing and broke
authoritative DNS nameservice zone transfers.
My point is that rolling this feature out without notice causes
problems, particularly for static IP customers like me who operate
authoritative DNS nameservers -- which it breaks. As it stands, I
expect I may have to re-request shutoff of "SecurityEdge" every time
Comcast rolls out a future firmware upgrade.
Irrespective of its merits as a security product, please consider either
making "SecurityEdge" opt-in, or at least _not_ autodeployed to static
IP customers. Thank you.
----- End forwarded message -----
More information about the sf-lug
mailing list