Community Forum

ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

Contributor

ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

Hi,

I am unable to reach ca.gov. I can reach it on my Tor Browser and also when I am in another region (2 hours away). Phone support cannot comprehend how to help.

 

Thank you Tom5372 for helping.

Expert

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

Please perform a traceroute to the domain and post the output here.



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Contributor

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

 

dns.PNG

 

Contributor

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

above image created by this: http://dnsviz.net/d/www.ca.gov/dnssec/

Expert

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

Can't see your pic. Since you are a new poster, it likely needs to be approved by a Forum Admin.

You could try hosting it at one of those free third-party pic hosting sites and post the link to it here.



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Contributor

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

 

tracert.PNG

 

Contributor

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

standby

Contributor

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

Contributor

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved


@Maryb_calaveras wrote:

https://drive.google.com/open?id=1_CHKiAv89ZgVjttz2CHRVSg1w9g9N5bo

 

https://drive.google.com/open?id=1CM9ki9Gb0omKN_ueWonw47cHwlgKpqdr


You need to change your DNS (Domain Name Servers) as Comcast's are extremely slow and buggy. 

 

https://www.theverge.com/2018/4/3/17191538/how-to-change-dns-routers-windows-mac-ios

 

Follow that guide and if you need help let me know and I'd be glad to help. Smiley Happy

 

5th

Contributor

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

we will change our servers and let you know if we had success!

Expert

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

@Maryb_calaveras

 

Are you using a Comcast supplied gateway device ?



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Expert

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

Looks like the domain has some DNS SEC / DNS KEY issues;

 

https://dnssec-analyzer.verisignlabs.com/www.ca.gov

 

http://dnsviz.net/d/www.ca.gov/dnssec/

 

That would have to be corrected by the webmaster / site admins.



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Contributor

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

it's a team effort I think between Comcast and ca.gov? That's how previous issues like this were handled by Comcast according to this forum and a NASA page from years ago.

Expert

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

FWIW, Comcast is just the pipe. They are not responsible for any third party site certificate misconfigurations. Of course, if they wanted to, they could indeed inform and work together with them.



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Contributor

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

sent in a request to the ca.gov IT department with the two links. Thanks for confirming my hunch.

Contributor

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

No, we have a Netgear router and our own Motorola modem. It's not that old.

Expert

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved


@Maryb_calaveras wrote:

sent in a request to the ca.gov IT department with the two links. Thanks for confirming my hunch.


Good luck with it !



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Expert

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved


@Maryb_calaveras wrote:

No, we have a Netgear router and our own Motorola modem. It's not that old.


The reason that I asked is that you can change the DNS servers (if it needed to be) globally for all the devices on your network with a third party router like yours. You couldn't change it with the Comcast supplied gateway devices.



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Expert

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved


@EG wrote:

Looks like the domain has some DNS SEC / DNS KEY issues;

 

https://dnssec-analyzer.verisignlabs.com/www.ca.gov

 

http://dnsviz.net/d/www.ca.gov/dnssec/

 

That would have to be corrected by the webmaster / site admins.


This looks like the same Azure issue that plagued Microsoft's Edge Servers a couple of weeks ago as I pointed out in this thread

This is Microsoft's problem, unfortunately. 

 


I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Expert

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

I remember that. Thanks for the link.



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Contributor

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

this is a continuing problem and became a huge public safety issue this weekend in the Sierra Nevada/Calaveras County when Comcast internet users could not view the map of dangerous road conditions on Caltrans QuickMap and CHP Traffic Incidents! 

 

When will Comcast wake up and fix this before someone is in a horrible accident?

Silver Problem Solver

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved


@Maryb_calaveras wrote:

this is a continuing problem and became a huge public safety issue this weekend in the Sierra Nevada/Calaveras County when Comcast internet users could not view the map of dangerous road conditions on Caltrans QuickMap and CHP Traffic Incidents! 

 

When will Comcast wake up and fix this before someone is in a horrible accident?


Any chance it is an issue on your end?  

https://www.ca.gov/ works in my Chrome browser.

I am not a Comcast Employee.
I am just a customer, volunteering my time to help other customers here in the Forums.
Was your question answered? Mark the post as best answer!
Expert

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved


@Maryb_calaveras wrote:

this is a continuing problem and became a huge public safety issue this weekend in the Sierra Nevada/Calaveras County when Comcast internet users could not view the map of dangerous road conditions on Caltrans QuickMap and CHP Traffic Incidents! 

 

When will Comcast wake up and fix this before someone is in a horrible accident?


FWIW, I still see the same DNS SEC / DNS KEY issues....



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Contributor

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

verisign 19Feb.PNG

Contributor

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

I posted an image of a DNS analyzer just now, did it come through? The answer is no, my end is clean which explains why I posted my message in the first place - because it needs a fix like nasa.gov's issue and ca.gov's issue back in 2013.

Contributor

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

ca.gov's IT department suggests moving to different DNS servers...but then everyone else is still hosed. I tweeted to the Governor's office after that message, waiting for a response.

Expert

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

Didn't we just establish that this is a continuing issue with Microsoft's Azure cloud service?

I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Expert

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved


@Maryb_calaveras wrote:

ca.gov's IT department suggests moving to different DNS servers...but then everyone else is still hosed. I tweeted to the Governor's office after that message, waiting for a response.


Any third party DNS servers that use DNS SEC will be affected.



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Contributor

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

I believe we did establish that, but Comcast can put in a temporary validation exclusion? Something was done last week the morning of a technician visit to our home (they insisted on sending out). It worked for a few days, then went back to same problem.

 

Here's an email from ca.gov IT dept today:

The 2013 event was due to the ‘gov’ registrar messing up our DNSSEC trust anchor.  This broke DNSSEC and resulted in ‘ca.gov’ resolution issues for DNSSEC validating resolvers (i.e. Comcast and Version).  We fixed the issue by removing DNSSEC from ‘ca.gov’.  This problem is something different.  The DNS servers at ‘192.168.1.1’ and ‘fe80::224::b2ff::fe51::b092’ time out.  If this were a DNSSEC issue, you would receive a response (NODATA or NXDOMAIN). 

Contributor

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

I emailed the ca.gov IT contact about the Azure service. Waiting for a response.

Expert

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved


@Maryb_calaveras wrote:

 

Th  If this were a DNSSEC issue, you would receive a response (NODATA or NXDOMAIN). 


Not true. The broken chain output proves that it is a DNS SEC problem.



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Contributor

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

thanks for confirming. I will send the IT guy this info

Contributor

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

verisign 20Feb.PNG

Contributor

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

from ca.gov IT guy today:

 

You sent me at least 2 screenshots showing a timeout from your DNS server(s).  I can’t control that in any way.  You blame DNSSEC, but this zone is not signed – and hasn’t been since 2013ish.  Who supports your internal DNS resolvers at (‘192.168.1.1’ and  ‘fe80::224::b2ff::fe51::b092’)?  It would be beneficial  to run tests from them and rule out client reachability.

 

I flushed my dns, of course nothing changed. This guy doesn't want to take next steps.

Expert

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved


@Maryb_calaveras wrote:

  Who supports your internal DNS resolvers at (‘192.168.1.1’ and  ‘fe80::224::b2ff::fe51::b092’)?  It would be beneficial  to run tests from them and rule out client reachability.


FWIW, these addresses are just the DNS relay / DNS forwarder / DNS proxy and the IPv6 link

local addys in your router.



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Contributor

Re: ca.gov not reachable (again) just like the nasa.gov problem that Tom5372 resolved

I am not sure what this means. We reset the router too. Nothing works. The IT guy had me turn on debug for the nslookup, also set the timeout to 5 seconds.