No Internet after upgrading Comcast Business Gateway/modem
-
I was able to fix my DNS issues by putting BIND in forwarding mode & not allowing it to use the root authority servers.
Seems Comcast SecurityEdge is blocking the root servers, but not 1.1.1.1 or 8.8.8.8
-
@bazzacad said in No Internet after upgrading Comcast Business Gateway/modem:
Seems Comcast SecurityEdge is blocking the root servers, but not 1.1.1.1 or 8.8.8.8
Blocking root servers, I tend to say that that is a security issue. Comcast sells it the other way around ??
-
I do believe my 5 year old learned a new cuss word tonight as I read this..
-
Upgraded Comcast Business service to higher speed several days ago - worked great. Begged them not to add SecurityEdge on a well-educated hunch. "Sorry, you get it whether you want it or not".
Last night and completely unannounced, Comcast updated the modem firmware and flipped on SecurityEdge. Complete disaster. Had the same local DNS problems as described above, with BIND complaining of non-improving referrals, rendering most on-site/off-site access useless. Temporarily switched it to forwarding with absolutely dreadful latency.
Played CSR roulette until I found someone who had previously run into plethoras of SecurityEdge incompatibilities. They immediately escalated this to the next tier and within four hours SecurityEdge was disabled for the account. Surprise - once I restored the original DNS config, everything worked perfectly.
SecurityEdge appears to have been developed by kindergartners with no technical understanding of what they were doing. I'm being kind.
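Added example, not part of the thread or any poster's own tooling: a small triage script for the "non-improving referral" complaints described above. It tallies which upstream servers BIND blamed and how many of them are root servers. The log line shape and the sample lines are assumptions constructed for illustration; adjust the pattern to your own named log.

```python
import re
from collections import Counter

# IPv4 addresses of the root server letters a-m.
# b-root is listed with both its current and its former address.
ROOT_SERVERS = {
    "198.41.0.4", "170.247.170.2", "199.9.14.201", "192.33.4.12",
    "199.7.91.13", "192.203.230.10", "192.5.5.241", "192.112.36.4",
    "198.97.190.53", "192.36.148.17", "192.58.128.30", "193.0.14.129",
    "199.7.83.42", "202.12.27.33",
}

# Assumed shape: "... from <ip>#<port> resolving <name>/<type> ...: non-improving referral"
LINE_RE = re.compile(
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})#\d+ "
    r"resolving (?P<q>\S+).*non-improving referral"
)

# Constructed sample lines, not captured from a real resolver.
SAMPLE_LOG = """\
10-Mar-2021 21:14:02.118 DNS format error from 198.41.0.4#53 resolving ./NS for client 127.0.0.1#40112: non-improving referral
10-Mar-2021 21:14:02.140 DNS format error from 192.5.5.241#53 resolving com/NS for client 127.0.0.1#40112: non-improving referral
10-Mar-2021 21:14:03.007 DNS format error from 199.7.83.42#53 resolving example.com/A for client 192.168.1.20#51544: non-improving referral
10-Mar-2021 21:14:05.450 DNS format error from 203.0.113.53#53 resolving example.net/A for client 192.168.1.20#51544: non-improving referral
10-Mar-2021 21:14:06.001 client 192.168.1.20#51544: query: example.org IN A +
"""

def triage(log_text):
    """Count non-improving referrals per upstream and split root vs. other."""
    per_server, queries = Counter(), set()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            per_server[m.group("ip")] += 1
            queries.add(m.group("q"))
    total = sum(per_server.values())
    from_root = sum(n for ip, n in per_server.items() if ip in ROOT_SERVERS)
    return {
        "total": total,
        "from_root": from_root,
        "root_share": from_root / total if total else 0.0,
        "servers": dict(per_server),
        "queries": sorted(queries),
    }

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['from_root']}/{report['total']} bad referrals came from root servers")
```

A root share close to 1.0 across many unrelated names points at something on the path affecting root queries rather than at one broken zone, which matches what posters here report with SecurityEdge enabled.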
-
Thanks so much for confirming what I've been finding. I'll get it removed.
-
Update: with SecurityEdge turned off, our system ran great for a day and a half. Then Comcast turned SecurityEdge back on for some unknown reason. The next CSR could see it was supposed to be turned off, but couldn't get it fixed. Escalated again, but 24 hours later SecurityEdge still hasn't been turned off.
I've configured DNS forwarding as a workaround, but at best it's slow and at worst domains aren't resolving properly. This is all caused by SecurityEdge being in the loop and no direct way to outflank it. My whole day is now racing from machine to machine trying to solve each individual problem. With many flavors of Linux running in our configuration, this is surely a headache. If this persists we'll move to another ISP ASAP. I'm not going to tunnel DNS just to get around this.
Disclaimer: We don't use pfSense, but this forum was one of the most informed places I found with useful information on the SecurityEdge problem, so I thought I would contribute back what I've learned.
-
@pendragonsound said in No Internet after upgrading Comcast Business Gateway/modem:
Disclaimer: We don't use pfSense, but this forum was one of the most informed places I found with useful information on the SecurityEdge problem, so I thought I would contribute back what I've learned.
Much appreciated!