Topic: Comcast DNS Now Fails on Bitcoinica? (Read 11023 times)

Good stuff. It reminded me that at one time or the other I've configured some of the alternate DNS services that have come and gone over the years this way.

When I first became acquainted with BIND I had to deal with a worldwide private corporate network parts of which were set up by lazy/crazy people who never bothered to RTFM before they started, definitely the bad old days. It made me handier with BIND than I ever wanted to be. Things are so much simpler these days that I'm definitely out of practice 

If you do setup your own DNS, its also easy to resolve .bit IP names.

FWIW, I've run a local DNS server since my client was OS2 2.0 and my connection was dial up, with a slow connection it did a lot for reducing perceived latency when web browsing.

These days there are a lot of alternatives, but the standard is a program called BIND, which can be had for just about any platform. Linux distributions provide it universally, and it's pretty tolerable to set up on Windows as well. It does things beyond simple caching that the built-in Windows DNS cache does not.

http://www.isc.org/software/bind

The simplest thing to set up with BIND is a caching server with forwarding, the last time I installed it under Windows ( sometime in the 1990s ) this was the default configuration. You do have to add the IP addresses for your forwarding servers ( e.g. your ISP ) and then point your local IP configuration to query the local name server at 127.0.0.1 .

The reason I mention all this is that I had a hard time replicating the problem described here, I'd never seen it. It had been so long since I did my set up I had to consider why.

As it turns out, my DNS forwarders are Comcast and Google. Here's a portion of my named.conf, one of the configuration files for bind ( the program executable is usually "named" or "named.exe" ).

        forward first;
        forwarders {
                75.75.75.75;
                75.75.76.76;
                8.8.8.8;
                8.8.4.4;
        };

Beyond that BIND will identify the authoritative name servers for a given name and query those directly, in this case NS1.XWAYLAB.COM and NS2.XWAYLAB.COM for bitcoinica.com .

So, using BIND can provide robust name resolution from multiple sources, it worked transparently for me with the bitcoinica .com DNSSEC issue present, most likely by using Google to resolve the authoritative servers and then using those to resolve the actual name.

well then, Cox better not mess with ME!

Right... you can even write your own DNS server that points every name to bitcoinica's IP if you so choose .

i've entered preferred DNS server numbers into my IPv4 LAN connection settings a zillion times but never really understood what the hell i was doing.  so they don't have to be Cox's but any server i so choose?

DNS or Domain Name Service simply turns a name (bitcoinica.com) into an IP address (50.56.4.62).  This IP address is used to identify the computer you are communicating with, and to help your communications find the best path to that computer.  Normally, you use the DNS server provided by your ISP, but when that server isn't providing you with the information you want, you can use any public DNS server by changing the IP address you send your queries to.

not really which is probably why i can't relate to Namecoin.

They are public dns servers.  Do you know how DNS works?

http://www.opendns.com/ http://code.google.com/speed/public-dns/

how does openDNS or googleDNS work?

It works!

Dunno why the query time is so bad, but it resolves now.

Take a deep breath. A little paranoia around recent events is to be expected so it is helpful to know that and keep it in bounds.

As it turns out the technical explanation is reasonable, DNSSEC is working the way it is supposed to work. Are you ready for IPV6? 

I apologize for this technical issue. Apparently 3% of global DNS servers couldn't resolve bitcoinica.com properly due to DNSSEC settings.

I have investigated into this issue carefully and found that the problem was with the DNS provider we are using. They stopped signing for DNSSEC after a recent domain transfer out of GoDaddy.

I have fixed the problem now and the domain is being signed again. Comcast users, please verify that you're able to access bitcoinica.com.

Again, sorry for the issues that cause constant troubles. And thumbs up to Comcast, because one of their engineers sent us the detailed problem trace and assisted us in the resolution.

http://en.wikipedia.org/wiki/The_Sleep_of_Reason_Produces_Monsters

Comcast doesn't block Bitcoinica. Comcast correctly obeys the DNSSEC records advertised by bitcoinica.com. The fault can be blamed either on Zhoutong or his DNS vendor, domaincontrol.com. Or maybe both of them.

Comcast not only cannot be blamed, but they should be praised: they don't resolve misconfigured domain names for their customers. The whole point of DNSSEC is to avoid the possibility of using fake domain name servers.

There is a small possibility that some people can't resolve bitcoinica.com due to the problem in their equipment: some of it crashes/chokes/hangs upon seeing type 43 or type 46 DNS records or IPv6 DNS servers advertised by Bitcoinica.

I posted about this about a week ago:
https://bitcointalksearch.org/topic/m.688795 .
Since then I tested this on several known working setups and I'm positive that the fault is due to Zhoutong's or his DNS vendor's misconfiguration.

As a temporary workaround you can put:

50.56.4.62 bitcoinica.com

in /etc/hosts or C:\WINOWS\system32\drivers\etc\hosts .

I have to think that this is all due to someone like from the thread of the year. Someone who was up a lot of money at bitcoinica and then got liquidated saying how much of a criminal zhou is. They probably wrote to the ISP and compelled them to remove the entry (or worked for Comcast). It would be interesting though if Zhou threatened legal action in retaliation for Comcast essentially removing his site from the internet.

You don't have to install any software. You can use googles DNS so you just point your router or pc at 4.4.4.4 or 8.8.8.8

wow so this is why bitcoinica hasnt been loading for me!   

just installed openDNS screw comcast!

The OPEN Act (H.R.3782) is interesting, and potentially relevant to bitcoin.  Instead of censoring things, the bill implements financial sanctions for such sites.  Of course, bitcoin breaks this entirely, but hopefully this will at least get them to leave the internet's core protocols alone for a while.

Well Cambodia is no longer communist, but the song still applies.

"What you need is a holiday in Cambodia, it's tough kid but it's life... Holiday in Cambodia..."

What I wish for is authoritarian forum governance pursuing intellectual elitism. Ignorant asshats should be purged, but instead they come here and get fawned upon.