[Edit: I changed the CNAME record for the root domain to be an A record pointing to the Posterous IP address (currently 184.106.20.99). This seems to be fixing the problem. However, I don’t like that solution because if Posterous changes its IP address then everything breaks. Also, I feel a bit stupid but I’ll leave this post up because it may be useful to someone else.]

A few months ago I decided to point diegobasch.com to my Posterous blog, which used to be located at dbasch.posterous.com. As instructed by Posterous, I changed my Namecheap DNS settings to look like this:

I use Google’s DNS servers, and I’ve never had a problem accessing my blog on Posterous. I went ahead merrily and kept dumping my thoughts, dry humor and sometimes vitriol into my blog. In the months since, I had a few blog posts that went somewhat viral on Twitter and Hacker News. Interestingly, I received many comments from people who tell me “your blog is down” or “I’d love to read your posts but I cannot access your site.”

At first I thought it might be temporary glitches on the part of Posterous or Namecheap, but I confirmed independently with both that everything works as it should.

Yesterday I asked Twitter to help me diagnose the problem. It turns out that the problem seems to be with Comcast, and perhaps other ISPs. Says @cavorite:

It seems that the problem is with Comcast’s DNS servers, “dig .75.76.76 diegobasch.com” yields SERVFAIL.

I started researching Comcast DNS servers on my own.

    Diegos-MacBook-Air-2:~ dbasch$ nslookup - cdns02.comcast.net diegobasch.com
    ;; Got SERVFAIL reply from 75.75.76.76, trying next server
    ;; connection timed out; no servers could be reached

    Diegos-MacBook-Air-2:~ dbasch$ nslookup - 75.75.75.75 diegobasch.com
    Server: 75.75.75.75
    Address: 75.75.75.75#53
    ** server can't find diegobasch.com : NXDOMAIN

WTF COMCAST!!!

If you read this post, many people complain that Comcast seems to be hijacking requests for non-existent domains to show whatever they want. However, I changed my domain months ago. Comcast should have taken notice by now.

Two conclusions:

1) Comcast DNS servers are broken.

2) DNS in its current form is broken as well. It wasn’t designed to be used by the current internet. Furthermore, a particular ISP can decide to use its DNS servers as a mechanism for censorship.
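The edit note at the top of this post replaces a CNAME on the root domain with an A record. RFC 1034 (section 3.6.2) does not allow a CNAME to coexist with other records at the same name, and the root of a zone always carries SOA and NS records. The Python check below is an added example, not part of the original post; the zone contents, example.com, blog.hosting.example and 192.0.2.10 are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample zone: CNAME at the zone root next to SOA and NS.
BROKEN_ZONE = """
example.com.     3600 IN SOA   ns1.example.net. hostmaster.example.com. 1 7200 900 1209600 300
example.com.     3600 IN NS    ns1.example.net.
example.com.     3600 IN CNAME blog.hosting.example.
www.example.com. 3600 IN CNAME blog.hosting.example.
"""

# Constructed corrected zone: the root uses an A record, www keeps its CNAME.
FIXED_ZONE = """
example.com.     3600 IN SOA   ns1.example.net. hostmaster.example.com. 1 7200 900 1209600 300
example.com.     3600 IN NS    ns1.example.net.
example.com.     3600 IN A     192.0.2.10
www.example.com. 3600 IN CNAME blog.hosting.example.
"""

# Record types that may legitimately sit beside a CNAME (DNSSEC metadata).
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}


def parse_zone(text):
    """Return {owner: set(rrtypes)} from 'owner ttl class type rdata' lines."""
    types = defaultdict(set)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        owner, _ttl, _cls, rrtype = line.split()[:4]
        types[owner.lower().rstrip(".")].add(rrtype.upper())
    return types


def cname_conflicts(text):
    """List (owner, other_types, is_zone_root) for each CNAME sharing a name."""
    types = parse_zone(text)
    roots = {owner for owner, t in types.items() if "SOA" in t}
    findings = []
    for owner, rrtypes in sorted(types.items()):
        others = rrtypes - ALLOWED_WITH_CNAME
        if "CNAME" in rrtypes and others:
            findings.append((owner, sorted(others), owner in roots))
    return findings


if __name__ == "__main__":
    for name, zone in (("broken", BROKEN_ZONE), ("fixed", FIXED_ZONE)):
        print(name, cname_conflicts(zone))
```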