Regular Visitor
•
3 Messages
Comcast DNS Issues XB6 XFI gateway
To start with, I'm a Resident Engineer that works directly with Internet service providers network security teams. Please bare in mind asking things like restart the modem and make sure you are wired vs wireless are entirely unnecessary (looking at you Comcast support).... as I have made a career in troubleshooting network connectivity and security issues and have went through the process multiple times.
As I have been in the Network security industry for years, I was using my own 3rd party modem with Comcast and had little to no issues at all for years. Fast forward to the present when the local headend started enforcing removal of modems supporting older DOCSIS standards. Ok thats fine with me, I am all about modernizing infrastructure especially under the premise that speeds will increase, so sure lets give the older modems the boot. What options did I have? At this point due to time and workload I didn't have time to reconfigure my home network with another Comcast approved 3rd party modem so I opted for the simple answer and wanted to see what all the "Buzz" was about with the XB6 xFi Advanced Gateway and at least I would get my home network back up and going with minimal effort. Moving forward, we received the device, installed with minimal effort and was back up and running, but then we had odd issues.
Issues:
- IOT devices such as smart home thermostat would no longer stay connected to the cloud services
- Chromebook would not work at all
- Nvidia Shield intermittent internet access issues
- Intermittent access to websites to any and all websites (frequency 3-5 times a day for 5-10 minutes or even longer time periods) with the browser error: “ERR_NAME_NOT_RESOLVED”
So finally after a few months of consistent DNS issues and having a little time to look in to this I began troubleshooting. Before I explain my troubleshooting steps, let me preface some of the main pillars of networking, so those without the knowledge, understand the workflow/process of being able to reach their favorite websites.
Edumacation from yours truly:
When you are on your Laptop/PC/mobile device and you open a browser and try to visit your favorite website there are alot of gears turning under the hood. Lets start with IP addressing. Every publicly accessible server on the internet has a public IP address. IP addresses can be used as source or destinations. Think of how you send mail to a relative, the source is your home address the destination is your relatives home address, the post office is responsible for picking up your mail and delivering it to your relatives home address. Imagine that the post office is the internet service provider (Xfinity) who picks up your "mail" (packets) from your xFI gateway and determines how to get it to the destination IP (where the server lives). Thats great and all and is really a convaluted process, because you could spend a career explaining how a service provider connects you to your favorite servers.
But theres another pillar of networking that needs to be taken in to consideration called DNS.
When you compose a letter and send it to your relative, you already know the destination address (or look it up in your space age Rolodex). But for your computer, it is unlikely it has said Rolodex with all of the internet servers IP addresses stored for every site on the internet. So your computer relies on talking to whats called a DNS server (The internet Rolodex). When your computer boots, or you connect via WiFi, your computer makes a request to the xFI gateway asking for a (local) IP address and DNS servers your computer can talk to, to resolve the website name your are visiting to an IP address.
Great so how does this all apply to Comcast XB6 xFI gateway?
Well when your PC connects and gets its local IP and DNS servers assigned from the XB6 you will have Comcasts DNS servers (75.75.75.75 and 75.75.75.76) but wait it also provides IPv6 DNS servers as well (2001:558:feed::1 and 2001:558:feed::2). Well we haven't talked about IPv6 so lets backup a bit. When the internet was created IPv4 was the standard used for IP addresses and assignment, but there was a limited number of public IPv4 addresses that can be assigned, so smart peoples created IPv6 which has many more IP addresses to use. Great now thats covered what does that mean for my PC?
Well when you go to a website your PC will prefer to use the IPv6 DNS server to resolve the website to an IP address so you can compose your packet (mail). Due to the PC's order of precedence in the networking stack. IPv6 is preferred over IPv4 if available. This is great we are using IPv6 but unfortunately for some unknown reason throughout the day IPv6 DNS queries from your PC through the xFI gateway to Comcasts DNS server gets dropped every once in while. Ok well that should be fine right? We still have an IPv4 DNS server we can talk to as well right?
Well in my case my PC can't talk to the Comcast DNS servers (75.75.75.75 and 75.75.75.76) through the xFI gateway. This means I can't translate a website name to an IP address so I get the error in my web browser: “ERR_NAME_NOT_RESOLVED” which means I can't compose the packets to send to the server cause I don't know the servers IP address.
Disclaimer Note: this "edumaction" is overly simplified, but the basic principles are what makes the internet today and I don't have a lot of time to fully go in to the depth from beginning to end how this works 🙂
Now on to Troubleshooting:
Well lets not discuss the hours on a Comcast support call, 5 resets of modem, re-provisioning, measuring of the transmit and receive levels of the xFi gateway to the headend, disabling of the Advanced security settings and the inability to get transferred from the Residential Support center to an informed network engineer that really makes the network work, not to mention being transferred between 10+ representatives to repeat the same processes and still no contact or representative to hold accountable for a subpar internet connection, also a promise from the support manager to call me back which has not happened at the scheduled time.... /end rant
Firstly we have to rule out the customers (me) network, PC, and xFI settings right?
- Check on your PC (Windows/Linux/Mac/Android/Chromebook) to see if you are getting an IP address and DNS servers from the xFI gateway. If not talk to a support tech, they should be able to help you with these basic settings. To check you can use below commands:
Windowsipconfig /all
Linux (Ubuntu 18.04)nmcli device show
- See if you can route to the Comcast provided DNS server if yes move on. Note being able to ping and route to it only tells you that routing works, doesn't mean there isn't some firewall in the xFI gateway rate limiting or dropping your dns queries:
Windowstracert 75.75.75.75
Linuxtraceroute 75.75.75.75
- Clear your local dns cache to ensure your not using something that was stored locally on your machine:
Windows (run windows terminal as administrator)ipconfig /flushdns
Linuxsudo systemd-resolve --flush-caches
- Do a direct DNS query to Comcasts IPv4 DNS server and if you see timeouts thats a problem. In my case I can't make one successful DNS query to Comcast IPv4 DNS server at all (this is persistent)
Windowsnslookup google.com 75.75.75.75
Linuxdig google.com @75.75.75.75
- Do a direct DNS query to Comcasts IPv6 DNS servers and see if you have timeouts as well (in my case it works "most" of the time but fails intermittently every day 3-5 times for sometimes lengthy periods)
Windowsnslookup google.com 2001:558:feed::1
Linuxdig google.com @2001:558:feed::1
- If the Comcast DNS servers are unresponsive, try configuring on your local PC some 3rd pary external DNS servers like Googles 8.8.8.8 and try steps 4 and 5 again replacing 75.75.75.75 with 8.8.8.8. Now you should be able to use 3rd party DNS servers if you so choose because Comcasts "Broadband disclosure" states:
"Comcast does not block or otherwise prevent end user access to lawful content, applications, services, or non-harmful devices. Comcast does engage in reasonable network management practices described below and in our Network Management Information Center."
Note the only caveat they have is they will rate limit the number of transactions made to COMCAST DNS servers, they should not block anything to 3rd party DNS servers like Google:
"We limit the number of login, SMTP, DNS, and DHCP transactions per second (at levels far above “normal” rates) that customers can send to our servers in order to protect them from Denial of Service (DoS) attacks."
Yet somehow my DNS queries to Google are not returning a response (hermmm XB6 intercept/drop/redirect to Comcast servers? I can't find a Comcast support representative with enough knowledge on the XB6 to figure this out) Additionally colleagues of mine that have 3rd party modems are free to use whatever 3rd party DNS server they want with no issues on Xfinity's network, I just happen to be the only one of us using the XB6.
At this point you should be talking to Comcast, but I don't know what department will actually take you seriously and get an informed support representative to assist.
For @Comcast_Support see Incident CR930002267, please find me someone that will troubleshoot the issue and be accountable instead of calling in and playing the support shuffle game.
For the rest of you that are experiencing these issues and are just trying to get by in your day and have ran in to this issue, post your experience and whether or not you were able to get anyone to resolve these issues for you or your detailed workarounds that have worked for you.
Kinggirl
New Poster
•
1 Message
4 years ago
0
code_sizzles
Regular Visitor
•
3 Messages
4 years ago
Hi @Kinggirl I am with you there, it is really frustrating when an issue is intermittent. As for my situation, no I have not had any resolution to this yet, still trying different options such as having a replacement Modem sent to rule out the modem hardware from being part of the issue, I'll update here if I get a resolution and any details surrounding it.
So when a device connects to the network generally you will get a DHCP lease giving you IP/DNS settings. What I have noticed in modern operating systems that connect via WiFi is that there is "smart" detection and testing of the settings given to your device (forgive me I don't remember the technical terms offhand). Your device when initially connected, will test via some hardcoded routines basically saying hey can I reach this external server by resolving the hostname via the assigned DNS and get the response back that I expect? If not consider this connection as "borked" and maybe auto-connect to your next saved/available WiFi network, or if you are on a mobile device, it may use your mobile data connection for further connections to the internet since it considers this connection "borked" (otherwise seen as connection successful but no internet). This is a feature that will enhance the user experience over time, but it is concerning as more devices connect via WiFi these days and troubleshooting becomes more complex and the level of support you get these days is most certainly not adequate.
Because DNS is such an important pillar of networking it does amaze me that @Comcast_Support is entirely unaware of the actual workflow of how DNS works between a client device and a DNS server and why they can't troubleshoot this simply from a command line on the modem backend or log DNS issues in the modem itself. I can't say for sure that this is your situation as to why you can only appear to work via the ethernet cable but there are some troubleshooting steps you can try.
First we probably have to cover the basics to make sure you can rule out your Mac / other devices:
1. Reset the modem (you have done that so proceed on 🙂 )
2. Check what IP/DNS settings you are getting from the xFinity gateway. First ensure you are connected via WiFi on your Mac, and launch your terminal, then type the following to get the IP settings currently assigned to you:
This will show you your IPv4 address the modem gave you as well as your IPv6 address
3. Next check what DNS servers you are assigned:
This will show you the DNS servers in the order of priority (top to bottom) the Mac will try to use to resolve website names to IPs.
4. Determine your Mac's default gateway (which should end up being the xfinity modem/router):
The IP address normally ending in ".1" should be your gateway.
5. Now that you have all the available information from your Mac, lets test and make sure your Mac can reach the xFinity Modem:
Replace x.x.x.1 with whatever your results were from step 4 (your gateway). If you can ping that gateway consistently then you know between your Mac and the xFinity modem/router is good.
6. Next lets see if you can route to some external IP on the internet, lets use Googles reliable 8.8.8.8:
If the pings are successfull then great! We have established that you are at least capable of connecting from your Mac to the modem and send packets all the way out to Googles 8.8.8.8 and receive responses from that server.
7. Now lets see if the other main pillar of network actually works (DNS)
From the terminal on your Mac lets test a direct query to Comcasts IPv4 DNS server and see if it can resolve the hostname Google.com to an IP address:
If you end up with a
then this is no bueno and for some reason you are unable to resolve DNS queries against Comcasts server.
Well why don't we try a 3rd party DNS server like ol reliable Google?
Again connection timeouts ? Well Kinggirl, I think at this point you may be having the same issues as I.
But before declaring it so, lets at least make sure you can route to the Comcast DNS server. Note I say route which there is a key difference between routing and making a DNS query (for the network nerds out there you know Layer3 vs a Layer7 issue)
8. Let us see if we can route! ping the Comcast DNS server:
If you get timeouts then there maybe a networking issue with Comcast, which at least should be well known, amongst your area or at least within the support center and generally they move to resolve those issues.
But to be certain lets follow the route the packet takes from your Mac to the Comcast server, if you see any asterisks * then the last reported IP is where the issue begins.
Well, I think thats all I can cover as far as the basics on your end, what Comcast likes to do is:
1. reset your modem just by speaking to the automated attendant
2. speak with a live agent Tier1 who would like to confirm information, and potentially reprovision your modem (which again resets it)
3. Do another modem reset, this time checking the signal strength between your modem and their headend where all customers connect to.
4. Disable Advanced Security if this is enabled (depending on the model of your modem)
5. Wave their hands in the air like they just don't care and transfer you to another department - thats at least what happens to me 🙂
6. Get an on site tech scheduled to test / replace your modem should the existing one be faulty - mine didn't have one so I had to call in, and speak with managers and request another one to rule out the local hardware from being the problem (current stage of my life right now)
0
user_cb89ca
Visitor
•
1 Message
3 years ago
my problem: I have a Dell pc Windows 7 ( I like it) hardwired. Everything worked fine until they told me I had to upgrade to the xb6. It worked fine for about 10 days, the yesterday I could not get on the internet with my windows 7 pc. Went through all of the troubleshooting before calling them: rebooted pc, router, ipconfig dnsflush, deleted all temp files, opened it up, reseated memory sticks, made sure all connections were solid, and even cleaned out the dust. Still not able to get on the internet. Called them, first rep said to use the ethernet cable they gave me with the new box. (both were cat 5...?) But I did, still did not work. Bought a cat 6 cable, tried it, still could not access iternet, It appears to start to load, but then goes away and I am left with a white page with the dreaded circle circling. Called again . Both times the reps were very very nice and wanted to help, but just did not seem to know enough. I asked to speak with someone from their network to check the ip settings but the last rep told me she was the network support. (no sorry). She said it was my Windows 7 pc and transferred me to Microsoft support which led to an automated system that gave me a website to log into to further troubleshoot...( I can't get on the internet). So I tried some further troubleshooting at home: upgrading drivers but I already have the latest version; ipconfig/renew; tracert (successful) ping (successful) . There is green link light at the router ethernet port, but yellow link lighty at the pc ethernet port. I seriously do not think it is the ethernet card. Could this new router not be compatible with windows 7? If so, then why did it work fine for 10 days?
0
0
EG
Expert
•
104.4K Messages
3 years ago
@user_cb89ca
Please create a new topic of your own here on this board detailing your issue (copy and paste your post and re-post it). Thanks. 6 month old dead now being closed.
0