Comcast DNS Issues

For some reason Comcast is mangling some recursive DNS lookups that are performed from a BIND or PowerDNS recursive server. The strange thing is that some lookups succeed. The failures return the status SERVFAIL.

Examples

Working Domains

  • www.stanford.edu
  • web.stanford.edu

Failing Domains

  • akamaiedge.net
  • auristor.com
  • beets.io
  • bydiscourse.com
  • firsttechfed.com
  • prusa3d.com

BIND dig Success

$ dig @10.0.0.40 web.stanford.edu

; <<>> DiG 9.18.24-1-Debian <<>> @10.0.0.40 web.stanford.edu
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58387
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 5af9a034f15286900100000065e0de51b5f09636780646b4 (good)
;; QUESTION SECTION:
;web.stanford.edu.      IN  A

;; ANSWER SECTION:
web.stanford.edu.   354 IN  A   171.67.215.200

;; Query time: 23 msec
;; SERVER: 10.0.0.40#53(10.0.0.40) (UDP)
;; WHEN: Thu Feb 29 11:43:13 PST 2024
;; MSG SIZE  rcvd: 89

BIND dig Failure

$ dig @10.0.0.40 www.firsttechfed.com

; <<>> DiG 9.18.24-1-Debian <<>> @10.0.0.40 www.firsttechfed.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6954
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 747b7bdb6d6fb1090100000065e0de5cbc64636686fb8871 (good)
;; QUESTION SECTION:
;www.firsttechfed.com.      IN  A

;; Query time: 111 msec
;; SERVER: 10.0.0.40#53(10.0.0.40) (UDP)
;; WHEN: Thu Feb 29 11:43:24 PST 2024
;; MSG SIZE  rcvd: 77
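
To compare many names at once, dig transcripts like the two above can be reduced to one line per query (name, status, answer count). The script below is an added example, not part of the original notes; the function names parse_dig, failing and check_domains are hypothetical, and the embedded sample is a trimmed copy of the two transcripts on this page.

```shell
#!/bin/sh
# Added example (not from the original page): tabulate dig results by status.

# Constructed sample: trimmed copies of the two transcripts shown on this page.
SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58387
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;web.stanford.edu.      IN  A
;; ANSWER SECTION:
web.stanford.edu.   354 IN  A   171.67.215.200
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6954
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;www.firsttechfed.com.      IN  A'

# parse_dig: read dig output on stdin and print "qname status answer_count"
# for every response found. Status and count come from the header lines,
# the name from the first line of the QUESTION SECTION.
parse_dig() {
    awk '
        /->>HEADER<<-/ { st = "?"; an = "?"
            for (i = 1; i < NF; i++)
                if ($i == "status:") { st = $(i + 1); sub(/,$/, "", st) } }
        /^;; flags:/ {
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") { an = $(i + 1); sub(/,$/, "", an) } }
        /^;; QUESTION SECTION:/ { inq = 1; next }
        inq && /^;/ { print substr($1, 2), st, an; inq = 0 }
    '
}

# failing: read dig output on stdin, print only names whose status is not NOERROR.
failing() { parse_dig | awk '$2 != "NOERROR" { print $1 }'; }

# check_domains RESOLVER NAME...: query each name live and tabulate the results.
check_domains() {
    resolver=$1; shift
    for name in "$@"; do dig "@$resolver" "$name" A; done | parse_dig
}

# With a resolver and at least one name, query live; otherwise show the sample.
if [ "$#" -ge 2 ]; then
    check_domains "$@"
else
    printf '%s\n' "$SAMPLE" | parse_dig
fi
```

Given a resolver address followed by names as arguments, the script queries them live with dig; with no arguments it prints the table for the embedded sample.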