Upgrading a Comcast/Xfinity Cable Modem

The Situation

I'm a Comcast/Xfinity customer - somewhat begrudgingly, but not really. Their service is honestly pretty reliable, and I've never had trouble with billing or customer service - and well, it's the only option that I really have.

Part of my service is cable internet. For the longest time I've had a Zoom 5341 modem and it worked reliably for years and was more than fast enough for what I wanted to do. But I got a letter in the mail explaining that Comcast had upgraded my service and that my current equipment was not capable of taking full advantage of that. Well that wouldn't do at all...

The Problem

So I bought a new modem: an Arris SB6183. It was approved for Comcast, should be plenty fast enough, and seemed to be the sweet-spot for getting something that would last a while without over-paying for something too good for what I need now just to be future-proof.

I found a doc that covered how to upgrade the modem, but when I followed it, I found that things weren't working. After removing my old modem and powering up and cabling the new one, I restarted the DHCP daemon on my router and observed that it got a public IP, but that's where the happy path ended.

Traceroute showed that I was able to get at least a hop or two out, but I couldn't access the activation page or even resolve DNS for it. I was dead in the water...

Troubleshooting

Tcpdump showed lots of outbound DNS traffic from my DNS server, but nothing coming back. I could see other outbound traffic (generally just bare TCP SYN segments), but again, nothing in return. That's about all I could see.

I thought some about how I would make this sort of system, and I figured they probably have my router locked down to only being able to access their login page, and probably a specific DNS server to resolve it. As I have my own DNS server that bypasses Comcast, I first changed my DNS server to use the Comcast caching nameservers (75.75.75.75) but that didn't work either. Then I figured that they might be handing out a different server via DHCP...

So I went back to tcpdump and filtered for just DHCP traffic (bootps port), tossed on some verbose flags, and bounced my DHCP client again. This would have told me what DNS server to use, except my router has a custom DHCP configuration where it isn't even asking for nameservers because I want it to use mine and not to have /etc/resolv.conf get clobbered. And because I wasn't asking, they weren't providing one. So I un-hacked /etc/dhcp/dhclient.conf so that it was again requesting "domain-name-servers" and stopped superseding that with my own stuff, then bounced it again, and then I saw that they wanted me to use these nameservers: 162.150.21.51 & 162.150.8.51. Once I got those into place on my system, I was then able to resolve the hostname of the activation server and access it - then I could log in and finish the activation process. Success!
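
The two things that capture was checked for can also be read straight out of the DHCP options field: whether the client's parameter request list (option 55) asks for option 6, and which nameservers a reply carries in option 6. The following is an added example, not part of the original post; the function names are hypothetical and the sample messages are constructed, using the two nameserver addresses quoted above.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of DHCP options (RFC 2131)
OPT_PAD, OPT_DNS, OPT_PARAM_REQUEST, OPT_END = 0, 6, 55, 255

def parse_options(payload: bytes) -> dict:
    """Map option code -> raw value for one DHCP message (the UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        code = payload[i]
        if code == OPT_PAD:  # single-byte filler, no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = opts.get(code, b"") + value  # repeated codes concatenate (RFC 3396)
        i += 2 + length
    return opts

def client_requested_dns(payload: bytes) -> bool:
    """True if the client's parameter request list (option 55) includes option 6."""
    return OPT_DNS in parse_options(payload).get(OPT_PARAM_REQUEST, b"")

def offered_dns_servers(payload: bytes) -> list:
    """IPv4 nameservers carried in option 6 of a server reply, if any."""
    raw = parse_options(payload).get(OPT_DNS, b"")
    if len(raw) % 4:
        raise ValueError("option 6 length is not a multiple of 4")
    return [socket.inet_ntoa(raw[i : i + 4]) for i in range(0, len(raw), 4)]

def build_sample(op: int, options: bytes) -> bytes:
    """Constructed test message: 236-byte BOOTP header (mostly zeros) + options."""
    return bytes([op, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE + options + b"\xff"

# Constructed samples, not captured traffic. Option layout is code, length, value.
REQUEST_WITHOUT_DNS = build_sample(1, b"\x35\x01\x03" + b"\x37\x03\x01\x03\x1c")
REQUEST_WITH_DNS = build_sample(1, b"\x35\x01\x03" + b"\x37\x04\x01\x03\x06\x1c")
ACK_WITH_DNS = build_sample(2, b"\x35\x01\x05" + b"\x06\x08"
                            + socket.inet_aton("162.150.21.51")
                            + socket.inet_aton("162.150.8.51"))

if __name__ == "__main__":
    print(client_requested_dns(REQUEST_WITHOUT_DNS), client_requested_dns(REQUEST_WITH_DNS))
    print(offered_dns_servers(ACK_WITH_DNS))
```
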

Then of course I backed out of all of that and everything kept working. The whole process took me about 10 minutes - but 10 minutes without internet access at home is 10 minutes too long!

Conclusion

I guess I get why Comcast doesn't document anything like this. They assume that everyone is using their nameservers (but seriously, don't do that if you care at all about your privacy), and not running their own nameserver that then sends encrypted requests to a public server that promises not to spy on you... which is what I do - but it sure would be nice if they provided some supplemental information to the upgrade article to explain how it was supposed to work.

I guess since I won't have to do this for another 5 years or so the process will probably change by then, but hopefully this saves somebody some time that has the forethought to research how this works (which I thought I did...) and finds this page.