![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
We had DNS issues over the weekend we couldn't figure out and it wasn't on our end. I'm putting the resulting Comcast Business Internet issue here for my own searchability later, and possibly for other people having bizarre DNS errors regarding "DNS format error from [many addresses] resolving ./NS: non-improving referral" showing up in syslog when it's not a generalised DNS issue at AWS or Cloudflare or something.
SecurityEdge plays badly with static IP addresses and with all forms of self-host.
It is also automatically bundled with most Comcast Business plans. It can be removed, but at additional cost; it can also be disabled.
Unfortunately, Security Edge may re-enable on modem software updates. When this happens, it is possible to disable the offending behaviour through Portal. But it cannot be completely disabled by customers through Portal.
In such cases, customers must call in and have support do it. Any agent should be able to disable security edge without elevation.
If the agent has difficulty disabling SecurityEdge, have the agent put the request into a ticket and elevated support will go into "telnet" (not actually telnet, an administrative command line but they use "telnet" for simplification) and disable it again.
In a contract renewal, SecurityEdge can be excluded as an add-on, BUT the plan will cost more money because of bundling bullshit.
SecurityEdge plays badly with static IP addresses and with all forms of self-host.
It is also automatically bundled with most Comcast Business plans. It can be removed, but at additional cost; it can also be disabled.
Unfortunately, Security Edge may re-enable on modem software updates. When this happens, it is possible to disable the offending behaviour through Portal. But it cannot be completely disabled by customers through Portal.
In such cases, customers must call in and have support do it. Any agent should be able to disable security edge without elevation.
If the agent has difficulty disabling SecurityEdge, have the agent put the request into a ticket and elevated support will go into "telnet" (not actually telnet, an administrative command line but they use "telnet" for simplification) and disable it again.
In a contract renewal, SecurityEdge can be excluded as an add-on, BUT the plan will cost more money because of bundling bullshit.
