[Edit: I changed the CNAME record for the root domain to be an A record pointing to the Posterous IP address (currently 220.127.116.11). This seems to be fixing the problem. However, I don't like that solution because if Posterous changes its IP address then everything breaks. Also, I feel a bit stupid but I'll leave this post up because it may be useful to someone else.]
A few months ago I decided to point diegobasch.com to my posterous blog, which used to be located at dbasch.posterous.com. As instructed by Posterous, I changed my Namecheap dns settings to look like this:
I use Google’s DNS servers, and I’ve never had a problem accessing my blog on Posterous. I went ahead merrily and kept dumping my thoughts, dry humor and sometimes vitriol into my blog. In the months since, I had a few blog posts that went somewhat viral on Twitter and Hacker News. Interestingly, I received many comments from people who tell me “your blog is down” or “I’d love to read your posts but I cannot access your site.”
At first I thought it might be temporary glitches on the part of Posterous or Namecheap, but I confirmed independently with both that everything works as it should.
Yesterday I asked Twitter to help me diagnose the problem. It turns out that the problem seems to be with Comcast, and perhaps other ISPs. Says @cavorite:
@dbasch It seems that the problem is with Comcast’s DNS servers, “dig @18.104.22.168 diegobasch.com” yields SERVFAIL.
I started researching Comcast DNS servers on my own.
;; Got SERVFAIL reply from 22.214.171.124, trying next server
;; connection timed out; no servers could be reached
Diegos-MacBook-Air-2:~ dbasch$ nslookup – 126.96.36.199
If you read this post, many people complain that Comcast seems to be hijacking requests for non-existent domains to show whatever they want. However, I changed my domain months ago. Comcast should have taken notice by now.
1) Comcast DNS servers are broken.
2) DNS in its current form is broken as well. It wasn’t designed to be used by the current internet. Furthermore, a particular ISP can decide to use its DNS servers as a mechanism for censorship.
I believe that OS makers should give people an option to choose among several DNS servers during the installation process, and explain why.