April 30, 2011

Yes, Virginia! You can control your own DNStiny.

I haven’t written much about this outside of Twitter, but I’ve had a problem with Comcast in the past. I’ve got a Business-Class High-Speed Internet account I use to connect to work, to run my own servers, and for testing purposes.

I also host a few websites for some friends, host some DNS, email, VPN, whatever.  I can do whatever I want (legally). I have no “bandwidth caps”, and I have the expertise to do it.  (I’m also paying over $200 a month for this privilege, but for some - like me - the expense is worth it.) I’m effectively my own ISP, but more appropriately I’m my own corporate data center.  All of this in my basement “server room”.

Yes, I’m a geek. Yes, there are some electricity costs. Hell, I even work for a power company (but I get no discounts). Anyways…

I also have a /28 (a block of 16 IPADDRs, but in reality only 14 are usable). With 14 IPADDRs, I sometimes find myself needing to make changes to the PTR records as my infrastructure changes and evolves.

To do this, normally you need to call Comcast Business Technical Support (800-391-3000) and have a Level 1 tech open up a ticket that gets dispatched to the guys out in Colorado.  Normally they’re pretty good about this, but I have had some major issues.  Yesterday was one of them. I blame Comcast’s own bureaucracy for a lot of this.  The Level 1 techs are forced to follow a choose-your-own-adventure type script based on what you tell them when you call, and are basically automatons with a heartbeat.  Deviate from what Comcast’s systems expect and you witness Comcast having a division-by-zero right before your eyes (or in this case “ears”).

In the past I’ve reached out to Comcast Cares and have suggested that business customers be allowed to email tech support. Not only for the obvious paper trail, but because sometimes it’s easier to put your request down in writing and everyone understands the request better.  Of course this only works if you have connectivity, but as long as you do, then let us Business Class customers use email to submit tickets, for crying out loud! :-) After the fiasco yesterday, I reached out again to Comcast Cares begging and pleading to let me control the DNS for my 14 static IPs.  Delegate the /28 in-addr.arpa zone to my own authoritative nameservers, please.  I asked tech support if this was possible earlier in the day and the nice tech asked his supervisor, who said “no”, so I reached out to Comcast Cares in a last-ditch effort, and got a response:

Dear George,

I have been informed that you can reach out to ____________ in order to set up delegation for your PTRs to your own server.

He has stated/requested this information:

We can support this via RFC2317, please provide the customer’s IP address space and we will provide instructions on what the customer must do (which “zones” he will need to create) in order to get this setup.

We will also need the names of the Auth DNS servers the customer manages.


(I’m not going to publicly give out the guy’s email because it’s the guy’s direct email address and the last thing I want is for him to get a deluge of SPAM and other email from crackpots asking him if he can delegate their single DHCP IP to their own DNS server running on their residential account.  Suffice it to say, Comcast Cares is now aware that this is available and I’ll leave it up to them to pass out the guy’s name if they see fit to do so.)


So, I set up the domain, replicated it to my two other nameservers, sat back, and waited.  At 11 o’clock last night Mr. DNS w/ Comcast wrote me back to tell me everything was setup and I was good to go.
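To make the RFC 2317 layout concrete, here is an added Python sketch (not the author’s configuration and not Comcast’s instructions, which the post doesn’t reproduce): the ISP’s /24 reverse zone carries NS records for the customer’s child zone plus one CNAME per address, and the customer’s own zone holds the PTRs. The 192.0.2.16/28 block, the ns1/ns2.example.net names and the host name are constructed sample values, and the “16/28” child-zone label follows the RFC’s example convention, which may differ from what the ISP actually assigns.

```python
import ipaddress


def rfc2317_delegation(cidr, nameservers):
    """Return (parent_zone, child_zone, parent_records) for a classless
    in-addr.arpa delegation of an IPv4 block longer than /24 (RFC 2317)."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("RFC 2317 applies to IPv4 blocks between /25 and /31")
    o1, o2, o3, first = map(int, str(net.network_address).split("."))
    last = int(net.broadcast_address) & 0xFF
    parent = f"{o3}.{o2}.{o1}.in-addr.arpa."
    # Child-zone label "<first>/<prefixlen>" is the RFC 2317 example convention (assumed)
    child = f"{first}/{net.prefixlen}.{parent}"
    records = [(f"{first}/{net.prefixlen}", "NS", ns) for ns in nameservers]
    # One CNAME per address (network and broadcast included) pointing into the child zone
    records += [(str(i), "CNAME", f"{i}.{child}") for i in range(first, last + 1)]
    return parent, child, records


def build_table(parent, child, parent_records, child_records):
    """Flatten both zones into one {fqdn: (type, rdata)} lookup table."""
    table = {f"{owner}.{parent}": (rtype, rdata) for owner, rtype, rdata in parent_records}
    table.update({f"{owner}.{child}": (rtype, rdata) for owner, rtype, rdata in child_records})
    return table


def resolve_ptr(ip, table, max_hops=4):
    """Follow the CNAME from the ISP's zone to the PTR in the customer's zone."""
    name = ipaddress.ip_address(ip).reverse_pointer + "."
    for _ in range(max_hops):
        rtype, rdata = table.get(name, (None, None))
        if rtype == "CNAME":
            name = rdata          # chase into the delegated child zone
        elif rtype == "PTR":
            return rdata
        else:
            return None           # no record: nothing to show for this address
    return None                   # CNAME loop or chain too long


if __name__ == "__main__":
    # Constructed sample: a /28 delegated to two customer-run nameservers
    parent, child, parent_recs = rfc2317_delegation(
        "192.0.2.16/28", ["ns1.example.net.", "ns2.example.net."])
    child_recs = [("20", "PTR", "www.example.net.")]   # the customer's own PTR
    for owner, rtype, rdata in parent_recs:
        print(f"{owner:<8} IN {rtype:<6} {rdata}")       # lines for the ISP's zone
    table = build_table(parent, child, parent_recs, child_recs)
    print(resolve_ptr("192.0.2.20", table))              # www.example.net.
```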


Awesome, awesome, awesome.


But before you think about wanting to do this yourself, know that Comcast has an extensive DNS infrastructure already in place. You might as well let them manage DNS unless you really need/want to do it yourself.  Of course, to do it yourself you’ll need to dedicate one of your own static IPs to a fully-functioning DNS server of your own (along with securing it to make sure no one gets in and hacks it), and you’ll need to have access (preferably admin-level) to another fully-functioning DNS server on another network (for redundancy purposes).


Also, DNS isn’t something that you can just set up and forget about. Your servers are now part of the Internet infrastructure (albeit in a very small way), and it’s your obligation now to make sure any server you have connected to the Internet is regularly patched, kept up to date, hardened, and kept secure.


That all being said, it’s not that difficult. It doesn’t cost a lot of money (I’m paying less than $15/month for my two additional name servers), and it gives you peace of mind and control: if you decide to make changes to your own infrastructure, you won’t need to contact anyone else to fully implement them.


I want to thank Comcast for their patience.  I’m not always an easy customer.  I don’t accept “no” as an answer (especially when I know my request is reasonable and easy to implement), and in my mind there’s nothing worse than bullshit and bureaucracy.  Plus, I’ve been in IT (engineering, administration, analyst, and now information security) for almost 20 years, and actually know what the hell I’m talking about most of the time. 


Posted to gellenburg.posterous.com and sent to Consumerist since they may be interested. :-)
