[PLUG] Is there a DNS cache in the Comcast modem?
Mike C.
mconnors1 at gmail.com
Tue Sep 19 16:43:45 UTC 2017
On 9/19/17 8:15 AM, plug-request at lists.pdxlinux.org wrote:
> My original question was does my
> modem have such a cache. Now is seems your answer is No, it does not. Do I
> understand you correctly?
>
> Harpreet 12:11 PM yes, you are
Because I obsess about stuff like facts and truth.
First, did you talk to an "XFINITY Domain Name System expert." at
https://dns.xfinity.com/ ?!?!?! (All sarcasm & snarkiness fully intended)
Second, it appears both Comcast & Google do DNNSEC validation.
Third, this seems to be a pretty good too that I found on that xfinity
dns web page.
"DNSViz is a tool for visualizing the status of a DNS zone. It was
designed as a resource for understanding and troubleshooting deployment
of the DNS Security Extensions (DNSSEC). It provides a visual analysis
of the DNSSEC authentication chain for a domain name and its resolution
path in the DNS namespace, and it lists configuration errors detected by
the tool."
http://dnsviz.net/
It's non-SSL, so if you're having problems with browsing to SSL based
web sites again, try to go here and plug in the domain you're having
problems with.
You may not understand the DNSKEY errors, as neither do I, but if you
see things in highlighted in red, and red triangles w. exclamation
points, e.g. http://dnsviz.net/d/quacktopia.com/WVmoCg/dnssec/ , you
have a useful data point that a particular domain zone file has an error
and/or be compromised.
More information about the PLUG
mailing list