[Edit: I changed the CNAME record for the root domain to be an A record pointing to the Posterous IP address (currently 184.106.20.99). This seems to be fixing the problem. However, I don’t like that solution because if Posterous changes its IP address then everything breaks. Also, I feel a bit stupid but I’ll leave this post up because it may be useful to someone else.]
A few months ago I decided to point diegobasch.com to my Posterous blog, which used to be located at dbasch.posterous.com. As instructed by Posterous, I changed my Namecheap DNS settings to look like this:
I use Google’s DNS servers, and I’ve never had a problem accessing my blog on Posterous. I went ahead merrily and kept dumping my thoughts, dry humor and sometimes vitriol into my blog. In the months since, I had a few blog posts that went somewhat viral on Twitter and Hacker News. Interestingly, I received many comments from people who tell me “your blog is down” or “I’d love to read your posts but I cannot access your site.”
At first I thought it might be temporary glitches on the part of Posterous or Namecheap, but I confirmed independently with both that everything works as it should.
Yesterday I asked Twitter to help me diagnose the problem. It turns out that the problem seems to be with Comcast, and perhaps other ISPs. Says @cavorite:
@dbasch It seems that the problem is with Comcast’s DNS servers, “dig @75.75.76.76 diegobasch.com” yields SERVFAIL.
I started researching Comcast DNS servers on my own.
```
Diegos-MacBook-Air-2:~ dbasch$ nslookup - cdns02.comcast.net
;; Got SERVFAIL reply from 75.75.76.76, trying next server
;; connection timed out; no servers could be reached
```

```
Diegos-MacBook-Air-2:~ dbasch$ nslookup - 75.75.75.75
Server: 75.75.75.75
Address: 75.75.75.75#53
** server can't find diegobasch.com: NXDOMAIN
```
Interestingly, www.diegobasch.com works just fine:
```
Non-authoritative answer:
www.diegobasch.com canonical name = posterous.com.
Name: posterous.com
Address: 184.106.20.99
```
WTF COMCAST!!!
If you read this post, many people complain that Comcast seems to be hijacking requests for non-existent domains to show whatever they want. However, I changed my domain months ago. Comcast should have taken notice by now.
Two conclusions:
1) Comcast DNS servers are broken.
2) DNS in its current form is broken as well. It wasn’t designed to be used by the current internet. Furthermore, a particular ISP can decide to use its DNS servers as a mechanism for censorship.
I believe that OS makers should give people an option to choose among several DNS servers during the installation process, and explain why.
This is no conspiracy. The problem is that this domain has misconfigured DNS. Its root domain record is a CNAME. This is not allowed and is a broken configuration. Some DNS servers and libraries support it anyway, but Comcast is doing nothing wrong by sticking to the spec.
@rohansingh: I was going by this post: http://pzxc.com/cname-on-domain-root-does-work
Just “fixed” it, and it seems to be working. Thanks.
You’re right that using an A record isn’t great because your hosting provider loses the flexibility of being able to change IP addresses. This article explains it really well: https://devcenter.heroku.com/articles/avoiding-naked-domains-dns-arecords
My solution is to use CloudFlare for my DNS (it’s free, why not?) and use their “page rules” feature to do a 301 (permanent) redirect from domain.com/* to http://www.domain.com/$1.
You can see what happens if you run `curl -I maxmasnick.com`.
dnsimple.com (another DNS provider) also lets you add a “URL” record, which also is a 301 redirect.
One should be careful with 301 redirects because they are cached locally and thus quite permanent (see: http://www.jacquesmattheij.com/301+redirects+-+a+dangerous+one+way+street). But in this case I think this is what you want.
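The misconfiguration identified in the comments above (a CNAME on the root of the domain) can be caught before it is published. The following is an added example, not code from the post or from any DNS provider: a small linter that flags any name where a CNAME coexists with other data (RFC 1034, section 3.6.2), generalized beyond the root-domain case. The simplified "name TYPE value" input format and the function names are assumptions made for this sketch.

```python
def parse_records(text, origin):
    """Parse "name TYPE value" lines (assumed format; "@" means the zone apex)."""
    origin = origin.rstrip(".").lower()
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        name, rtype, value = line.split(None, 2)
        name = name.lower()
        if name == "@":
            fqdn = origin
        else:
            fqdn = name.rstrip(".") if name.endswith(".") else f"{name}.{origin}"
        records.append((fqdn, rtype.upper(), value.strip()))
    return records

def find_cname_conflicts(records, origin):
    """Flag every name where a CNAME coexists with other data (RFC 1034 3.6.2).
    The apex always carries SOA and NS records, even when a registrar panel
    does not list them, so a CNAME at the apex is always a conflict."""
    origin = origin.rstrip(".").lower()
    types_by_name = {}
    for fqdn, rtype, _ in records:
        types_by_name.setdefault(fqdn, set()).add(rtype)
    findings = []
    for fqdn, types in sorted(types_by_name.items()):
        if "CNAME" not in types:
            continue
        # DNSSEC records are the permitted exceptions next to a CNAME.
        others = types - {"CNAME", "RRSIG", "NSEC"}
        if fqdn == origin:
            others |= {"SOA", "NS"}               # implicit at every zone apex
        if others:
            findings.append((fqdn, sorted(others)))
    return findings

# Constructed sample mirroring the setup described in the post.
SAMPLE_ZONE = """
@    CNAME  posterous.com.   ; root record as a CNAME: the broken part
www  CNAME  posterous.com.   ; fine, nothing else lives at www
"""

if __name__ == "__main__":
    recs = parse_records(SAMPLE_ZONE, "diegobasch.com")
    for name, clash in find_cname_conflicts(recs, "diegobasch.com"):
        print(f"{name}: CNAME conflicts with {', '.join(clash)}")
```

The `www` record passes because nothing else lives at that name; the root record is flagged because SOA and NS data always exist there.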