[sf-lug] DNS issues again because of Comcast Business SecurityEdge
Michael Paoli
michael.paoli at berkeley.edu
Tue Jan 6 23:44:16 PST 2026
This is at least the 3rd time Comcast Business has screwed it up.
Their SecurityEdge [mis-]"feature" screws up and
interferes with DNS. It basically commandeers all UDP and TCP
outbound port 53 traffic (and totally fails with IPv6 TCP).
This is again currently impacting ns1.linuxmafia.com,
which is on Comcast Business, and SecurityEdge has become enabled
yet again, and is yet again breaking things.
Though ns1.linuxmafia.com. (authoritative for sf-lug.org. and quite a number
of additional domains, including also balug.org.) still answers queries and
can generally respond, it can no longer get updates (AXFR and IXFR fail,
because SecurityEdge).
As of the latest, Rick is very much on top of the issue, and has been since
fairly early this morning local time. Looking over logs on that host,
the problem was apparently not yet present at (local times):
Jan 5 15:53:47
but problem was present by:
Jan 5 16:02:59
and possibly as early as or slightly earlier than:
Jan 5 15:56:22
and at least at the time I'm typing this, the problem is still
currently ongoing.
Bit of references on the earlier (and can follow the trails from there):
http://linuxmafia.com/pipermail/sf-lug/2023q3/015928.html
More information about the sf-lug
mailing list