Comcast DNS Hijacking: Residential Edition?

Last night, between 1:00 and 2:00 am Central, my home DNS servers started timing out to all their upstream resolvers, including 1.1.1.1 and 8.8.8.8. No restarts or config changes in the logs.

Meanwhile, both public Cloudflare and Google DNS resolvers are pingable from my DNS servers.

I tried to dig directly to each public resolver - requests all timed out. Then, as if by magic, with no configuration changes - at [2025-10-08 01:59:46] the upstream Cloudflare and Google DNS resolvers suddenly started resolving requests again.

If you take what I’ve said at face value, barring total incompetence on my side (always possible) - is there something I’m missing here that could explain this? Or is this only possible via Comcast DNS hijacking absolutely all of my DNS traffic? In which case, I’d assume their hijacking service went down for maintenance between 1 and 2am.

Context:

  • I have consoomer Comcast/Xfinity internet, but the building is zoned for dual commercial/residential rentals.
  • I have no option for “Comcast SecurityEdge”, I assume because it’s not commercial service.
  • I’ve seen nothing about cloudflare nor google dns going down globally. I feel like that would be a notable outage.
  • I’m in the Chicagoland area.
  • Service is Comcast Xfinity 2Gb/350Mb.


1 Like

I’m also using Comcast Xfinity, residential with the same up/down speeds in the PDX area, Pacific Time.

So this would have been around 11PM ~ Midnight my local time, however I had not really noticed anything specifically at this time frame last night.

I don’t use the Comcast DNS servers but rather Google’s Public DNS and the Cloudflare DNS services.

I moved over to DoH on my Comcast line at home a year ago and have zero issues.

It’s sort of interesting how many “Comcast outages” my neighbors have that are directly related to Comcast DNS servers having outages while the actual transport is fine.

1 Like

I don’t have any specific information regarding this particular issue. But in general, I recommend DNS over HTTPS in the future.

If you have your own local DNS server, you can provide it with DoH upstreams.

That’s what I do at home.

3 Likes

Thanks for chiming in folks. I’ve taken your recs and configured my servers to use upstreams over DoH/DoT.

I am still curious if anyone can offer a technical explanation for what I’ve described, outside of residential DNS hijacking.

  • DNS resolves to 1.1.1.1/8.8.8.8 as normal

  • DNS suddenly fails to resolve to 1.1.1.1/8.8.8.8

  • meanwhile, servers are reachable at 1.1.1.1/8.8.8.8

  • DNS suddenly resolves again to 1.1.1.1/8.8.8.8, some time later with no changes

  • outage is 1 to 2 am

  • no outages reported by cloudflare nor google

1 Like
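The OP's diagnosis hinges on one observation: the resolver answers ping but not UDP/53 queries. The POSIX sh script below is an added example (not from the thread or any poster) that repeats that probe from the shell and classifies the result so it can be logged from cron around the outage window. It assumes dig and ping are installed; the resolver addresses are the ones the thread names, and example.com is just a constructed query name.

```shell
#!/bin/sh
# Added example, not from the original thread: probe a public resolver the way
# the OP did (ping for reachability, dig for an actual answer) and classify it.
# Assumes dig (bind-utils / dnsutils) and ping are installed.

# classify_probe PING_RC DIG_RC -> prints one of four states.
# Exit codes: 0 = success, non-zero = failure (dig returns 9 on timeout).
classify_probe() {
    ping_rc=$1
    dig_rc=$2
    if [ "$ping_rc" -eq 0 ] && [ "$dig_rc" -eq 0 ]; then
        echo "ok"                 # ICMP and DNS both fine
    elif [ "$ping_rc" -eq 0 ]; then
        echo "dns-only-failure"   # host reachable, port 53 dead: the OP's symptom
    elif [ "$dig_rc" -eq 0 ]; then
        echo "icmp-filtered"      # answers arrive although ping is dropped
    else
        echo "unreachable"        # neither ICMP nor DNS works
    fi
}

# probe_resolver IP NAME: one ping, one UDP query, one TCP query, one log line.
# A UDP failure with TCP success points at UDP/53 specifically, not the host.
probe_resolver() {
    ip=$1
    name=$2
    prc=0; ping -c 1 -W 2 "$ip" >/dev/null 2>&1 || prc=$?
    urc=0; dig +time=2 +tries=1 "@$ip" "$name" A +short >/dev/null 2>&1 || urc=$?
    trc=0; dig +tcp +time=2 +tries=1 "@$ip" "$name" A +short >/dev/null 2>&1 || trc=$?
    printf '%s resolver=%s ping=%s udp=%s tcp=%s state=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$ip" "$prc" "$urc" "$trc" \
        "$(classify_probe "$prc" "$urc")"
}

# One pass over both public resolvers from the thread; schedule with cron
# (e.g. every minute) and append to a file to catch a 1-2 am window.
if [ "${1:-}" = "--run" ]; then
    for r in 1.1.1.1 8.8.8.8; do
        probe_resolver "$r" example.com
    done
fi
```

A line of the form `ping=0 udp=9 tcp=9 state=dns-only-failure` reproduces the OP's observation; `udp=9 tcp=0` would narrow it further to UDP/53 only.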

If you have home DNS servers (resolver?) then why are you making use of external DNS through one.one.one.one and/or Google?

He might be using them as a hop in his network, eg a local caching resolver that has a DoH upstream configured. At least that is what I do, running a full recursive resolver at home is overkill and slow imo.

So I’ve been monitoring my Comcast inet around these same time frames as the OP, I’ve not seen these kinds of outages.

Could it actually be something mis-configured in your area on the Comcast network?

I live in PDX (West Coast) and use the Google DNS and Cloudflare DNS as a secondary.

You’re confusing DNS resolving and DNS forwarding. They are not the same.

If you are running a resolver, with or without caching, there is no need to have an “upstream” DNS server configured for forwarding purposes.

You are being pedantic, sir.

Yup, same report here, and someone posted about this the other day. I can use YouTube, but DDG is completely gone.

No, he’s not. My network got a random ARP flood the other day. Something is happening in the Midwest area between U3 on the south side of NY, MI in general, and north Ohio, and now it seems Chicago as well.

My guess is an AI center is scanning everyone.

It’s Midwest only.

Complaining about confusing DNS resolving and DNS forwarding is being pedantic when the local RESOLVER is caching.

Unbound is a validating, recursive, caching DNS resolver
Source: NLnet Labs - Unbound - About

Here is my pedantic response.

I never said DNS resolving or DNS forwarding; specifically, I said:

He might be using them as a hop in his network, eg a local caching resolver that has a DoH upstream configured. At least that is what I do, running a full recursive resolver at home is overkill and slow imo.

In my case I am using Unbound to handle the resolution of a DNS key (record) to a value (in most cases an address). In order to resolve that query it forwards the request to an upstream.

Unfortunately, in this day and age, it is to be assumed that every service provider you are dealing with (and some you aren’t) and every device that connects to a network are doing their utmost to do anything and everything, no matter how unethical, to gain as much data about you as they possibly can.

This doesn’t surprise me in the slightest. Comcast is probably doing whatever they can to force subscribers to use their own DNS so they can control what they can see, and harvest as much data about them as possible.

This is the new normal.

Absolutely everything has eyes. Venture capitalists won’t even give a startup money unless they have found a way to maximize collection and monetization of user data. It has been this way for over 15 years, but people keep being blind to it and making excuses about it, because it is more convenient to try to justify why they shouldn’t be worried than to accept the fact that the only privacy that exists today is the illusion of privacy.

Absolutely every device in your life, including the obvious like your phone, but also your TV and your car, and absolutely every service you use is always watching, always collecting data, always trying to create the best profile they possibly can on you so that they can sell it.

You can try using a VPN service, but that is really a matter of trust. Are they really pro-privacy like they say, or have you just moved the prying eyes at some expense from your ISP to someone else, and how do you know they are any better?

3 Likes

Just got a Comcast notification btw, doing something overnight.

No, I’m not. You’re failing to grasp the distinction between resolving and forwarding.

Besides that, my response offers the only real solution to prevent re-occurrence of the originally reported matter.

Stop using DNS forwarding to forward DNS resolution requests to external DNS resolvers (like 1.1.1.1 or 8.8.8.8) and start utilizing your own DNS resolver.

You don’t need Google to resolve for you, RESOLVE IT YOURSELF. Offloading resolution to another DNS host is forwarding. I’m suggesting the OP leave 1.1.1.1 or 8.8.8.8 (or any other DNS lookup provider) out of it.

This may come as a shock to some, but you don’t need a DNS lookup provider. Ditch 'em. Problem solved.

1 Like

Again, you’re confusing/conflating resolving and forwarding. You’re not resolving anything; you’re forwarding a request for external resolution. Receiving a proxied response is not resolving.

Asking another DNS host to resolve all your lookups for you is not resolving. It’s asking someone else to resolve on your behalf, also known as DNS forwarding.

Here’s where I take issue with your previous statement:

Referencing “a hop in his network”, e.g. a local caching resolver.

But he’s not using a resolver. He’s talking about DNS forwarding.

I’ve tried my best to make this clear.

1 Like

You’re making a lot of assumptions about what I described, and several of them are off. This isn’t an RFC with MUST/SHOULD/MAY sections; it was a casual thread. I was using shorthand, not trying to write a spec.

I’d have let it slide, but the certainty and hair‑splitting don’t add much. If something seems unclear, a clarifying question usually lands better than assuming the worst interpretation or presenting one approach as the only valid solution.

That’s all from me on this. I’m stepping out so the original topic can be continued.

No assumptions made. Directly quoted what you wrote and crafted a direct, explicit response to provide clarification and understanding to the readers of this thread.

Mighty presumptuous to ASSUME readers do not appreciate “hair-splitting” given this is a technical forum made for purposes of technical topics. A technical response is warranted.

I don’t appreciate your public admonishment. If you have something you’d like to say to me, take it to a private chat. This is not a food fight.

2 Likes

As if I were reading a dispute between two AIs…

1 Like