Friday morning here in Portland, a web hosting customer could not check their email without an error saying that their mail server wasn’t found, and they couldn’t see their own website either.

Initial attempts to help her proved fruitless, and after trying everything, she was sadly told that it appeared to be a Frontier DNS problem.

Subsequently, we had several people over the weekend  with the exact same issue, and we’re not a large host,  so depending on how wide spread this problem is, a lot of people might be affected!

Frontier recently took over Verizons ISP service  here in parts of Portland Oregon, and without getting too technical, here’s what’s wrong…

The Frontier DNS Settings Need Changing in Your Modem

The DNS settings that were put into the modems when they were put  into the customer offices and homes are not functioning correctly, and need updating by Frontier.

I wish I could be more specific, but with so many models of modem installed by Verizon over the past 10 years since DSL came along, there’s simply no way to tell you exactly where to go to fix this.

Here’s how to fix the Frontier “I can’t see my website” problem.

1. Log into your modem IP address – (if you don’t do that then you’re going to have to call Frontier support)
2. Figure out how to change your DNS settings, from the hardcoded BAD ones, of which there appeared to be several, and check the box that says something like “obtaind DNS automatically”

Our own hosting customers have likely solved the problem by now,  so I’m putting these instructions out here for anyone else who happens to need them.

If you own your own domain, and suddenly cannot get your own e-mail or website, then you might try this on your modem and see if it works.

Can someone at Frontier please fix those bad Verizon DNS settings?

Update 10/26
In the wake of this blog post, we discovered that nearly 35,000 domains we knew of were xperiencing this issue not only from our servers, but from the servers of others in our datacenter, and even a couple of other small web hosts and reseller acquaintances who are unrelated to our business at all.

This morning I received a very courteous phone call from Frontier, who told me how WE could fix the problem.

In layman’s terms, the internet is running out of IP addesses, and Arin is releasing IP blocks in a range that the default NS config files had blocked, as being in a “black hole”.

The default BIND source code has some hard coded default exclusions that all webhosts are going to have to change theirs.

The reason WHY the default BIND source has exclusions is still a mystery, and I suppose there’s a case to be made that all registrars for all domains should be notifying all registrants in the same way that they insist upon annual ownership verification, but that’s neither here nor there, I guess.

Thank you to Frontier for responding so quickly, and if you’re a web host, here are the instructions to “fix” your config files so this doesnt happen with other ISP’s besides Frontier as the years roll by.

Here are the relevant details that I was emailed after the phone call…

Frontier customers trying to resolve your customers sites are not able to resolve them due to what appears as our cache DNS farms (184.16.4.22, 184.16.4.23, 184.16.33.54, 184.16.33.56) are unable to contact your authoritative DNS.

We have had this issue with several providers recently. The root causes have been outdated “bogon” lists or not allowing our subnet (184.16.0.0/14) via ACL or firewall.

Thanks Frontier, for the great service!

Qwest Internet service here in Portland Oregon has apparently begun to randomly block port 25 for its customers, just like Comcast did last year. This renders users helpless to send email using their own domain from their web host’s email server like most businesses do.

Also just like Comcast, they are not doing it to all users yet, and they have provided no notice to users for whom they have done this. It’s only due to spending several hours on the phone last summer that I can offer this solution.

If this has happened to you, simply open your mail client, go to the advanced properties of the mail account, and change your outgoing mail server (SMTP) from Port 25, to port 587, then save configuration, and restart your Outlook or Outlook express.

Port 587 is another port that many web hosts provide for exactly this situation. While I can attest to its success on the majority of hosted mail servers (including our web hosting servers in Portland), it may not work for everyone.

In the event changing to port 587 does not solve your problem, rather than calling Qwest, call your web host, and explain that “you suspect that your ISP has blocked port 25 for outgoing mail. What other port do they recommend you try?”

At that point, they will either open another port, or tell you the existing passport to use for their Web hosting.

The reasons Qwest (and Comcast) have done this to people with no notice escape me, but there ya go!

You’re not alone…
Users all over the country are finding out daily that suddenly, for no apparent reason at all, they are unable to send mail if they want people to reply to their business or personal e-mail addressed other than one that is @comcast.net. This is because Comcast is blocking port 25 , which is your default port for sending email through your mail software.

The error message says (fill in your own X):
The connection to the server has failed. Account: ‘XXXX’, Server: ‘xxx.xxx.xxx.xx’, Protocol: SMTP, Port: 25, Secure(SSL): No, Socket Error: 10060, Error Number: 0x800CCC0E

Gee that’s helpful, isn’t it?
If you are using mail.yourdomain.com for your SMTP outgoing mail server, then you get an error saying “unable to connect to the mail server” even though it just successfully connected to the mail server to retrieve your incoming mail. After wasting time calling your web host, and going through various troubleshooting techniques, they tell you to call Comcast.

To make matters worse, users are finding out one at a time, because Comcast is slowly rolling out these changes user by user in individual markets around the country. This month, it’s apparently Portland Oregon’s turn, where I live.

To cut to the chase, here’s the solution:
Change the port your computer is using for SMTP outgoing mail, from Port 25 to one that your hosting provider will allow. In most cases, this seems to be port 587 for Portland providers.

To do this in Outlook -

• Go to tools – e-mail accounts – view or change existing account
• Sselect the appropriate mail account and hit the change button
• Go to the more settings button, and into the Advanced tab
• Change your default port 25, to port 587, and you should be back in business in most cases.

Still broken?

• Added note from comments below – Some people in the midwest for whom 487 didn’t work succesfully chaged to 465 and picked SSL under the “use the following type of encrypted connection” drop down. They did not check the “this server requires an encrypted connection” box.

In Outlook express -

• Go to tools – accounts – Mail tab
• Choose Properties box – Advanced Tab – and from there you can do the same

The reason Comcast claims to be doing this is in an effort to prevent spam being sent by zombie/spyware/virus laden computers using their bandwidth and their Internet connection.

I suspect they are really doing it to limit liability for any future potential lawsuits, and not really to save bandwidth, but I have no problem with that.

The problem with Comcast doing this is that they do not seem to be telling all of their support people, and do not be notifying their customers. This has been going on around the country for MONTHS.

Instead, it takes the end user hours of frustrating time on the phone spent with lower-level tech-support who have no idea that this change has even taken place.

One can only guess how many individual users are still frustrated at this very moment because they are being forced to do their business e-mail from home using their @comcast.net accounts, after uninformed Comcast agents are able to help them?

As a web host, we were forced to spend hours dealing with Comcast before we got an actual answer, and we still lost a couple of hosting customers over it, who were convinced that it must be our fault, since Comcast told them it was.

Great customer service. If there was any competing product in my market I would switch in a heartbeat. I tried once before in 2005 after nearly an entire summer of poor Comcast connectivity.

Thanks Comcast, for valuing our time so very little, in your quest to make mega millions.