[sf-lug] worked around but not resolved: Re: DNS issues again because of Comcast Business SecurityEdge

[Michael Paoli]

FYI, as of
Jan  7 06:09:55 local time
have workaround in place, so though the issue is still present,
workaround is in place and most* domains are no longer having issues.
*at least those I generally attend to, including the LUG domains
of SF-LUG, BALUG, BerkeleyLUG
Also,
linuxmafia.com (and thus SF-LUG list) was never significantly impacted.

Work to fix the actual issue is ongoing, Rick has lead on that,
ball has been in Comcast Business's court for a while now.

On Tue, Jan 6, 2026 at 11:44 PM Michael Paoli
<michael.paoli at berkeley.edu> wrote:
>
> This is at least the 3rd time Comcast Business has screwed it up.
> Their SecurityEdge [mis-]"feature" screws up and
> interferes with DNS.  It basically commandeers all UDP and TCP
> outbound port 53 traffic (and totally fails with IPv6 TCP).
>
> This is again currently impacting ns1.linuxmafia.com,
> which is on Comcast Business, and SecurityEdge has become enabled
> yet again, and is yet again breaking things.
> Though ns1.linuxmafia.com. (authoritative for sf-lug.org. and quite a number
> of additional domains, including also balug.org.) still answers queries and
> can generally respond, it can no longer get updates (AXFR and IXFR fail,
> because SecurityEdge).
>
> As of the latest, Rick is very much on top of the issue, and has been since
> fairly early this morning local time.  Looking over logs on that host,
> the problem was apparently not yet present at (local times):
> Jan  5 15:53:47
> but problem was present by:
> Jan  5 16:02:59
> and possibly as early as or slightly earlier than:
> Jan  5 15:56:22
> and at least at the time I'm typing this, the problem is still
> currently ongoing.
> Bit of references on the earlier (and can follow the trails from there):
> http://linuxmafia.com/pipermail/sf-lug/2023q3/015928.html