-- Problem --------------
I've had Comcast for years, and have had intermittent problems for years. Almost every time it was a problem on their end, with one time being an issue w/my cables here. NEVER has it been an issue w/my hardware. I've been experiencing the problem below for the last month or so... ish? It interrupted me in the middle of a game last night, and dropped my wife's video call with her friends, and I finally decided to do something about it.
I ALWAYS have a ping window open, using hrping so that I can timestamp things. This is for the times that my connection is slow/dropping, and I can quickly diagnose if it's the source I'm trying to connect to, or me. The behavior in the ping windows is exactly the same as what I've been seeing for a month - connection drops totally, then when it's coming back up, it still drops a lot of packages until it comes back to full. When it dropped, I took the ss, then I did some digging in my fortigate and took screenshots, and then the other ping ss was of it recovering.
Based on what I saw in my fortigate, it seems that this is 100% a problem with Comcast's DNS servers. I know these are Comcast's, but also, when I go to Network > DNS, those are the servers that are dynamically obtained by my WAN. Is there any way to change this?? What you can see here in the screenshot of my sources are 4 devices with a very high number of sessions. These are comprised of laptops, a desktop, and a tv, with active connections outside the LAN. Some of the others with high connections are an xbox and an NVIDIA Shield.
When I click on 117 (and this was the same for all of the high session devices) you can see that the VAST majority of connections are to 126.96.36.199, 188.8.131.52, which are Comcast's DNS servers. As the connection resolved itself, these sessions dropped. Right now, as I'm typing this, and things are working normally, my device has 69 connections, and only 17 of them are to ..75.75, with NO connections to ..76.76.
I won't bore you with a long story of my conversations w/Comcast; the tl;dr is that they kept saying they wanted to work with me to find the problem, but that since the internet signal was strong to my house (at the time of the call it had already resolved), then it must be a problem w/my modem/router (repeat this cycle about 10 times or so to get the full transcript). When I gave all the information I just shared w/you, they kept saying they couldn't transfer me to anyone else, and would not talk about their DNS servers at all. So there's really no help I can get from them.
-- Question --------------
For those who've made the journey thus far, I appreciate it. This is what I need help with:
1 - Would you agree with my assessment of the situation? Or am I totally off? Need more clarity?
2 - If #1 is validated, is there ANY WAY I can get rid of, or get around those dynamically obtained DNS servers?
I'm new to fortigate, but I've done some poking around, and I've been doing my own home networking stuff for 15+ years, so I'd be more than happy to do extra diagnostics, try some settings, etc.
-- Images --------------
Here you can see the connection dropping out.
Here is the connection recovering (this ss was taken AFTER the investigation/ss in fortigate)
Here are the sources on my network. The 4 highlighted are 2 laptops, a desktop, and a tv. The TV isn't even on or doing anything. Right now, the TV's connection has 14 sessions. The other devices w/60+ sessions are another laptop, 2 xboxes, and an NVIDIA shield. This list of things is comprised of both hardwired and wifi devices. Curiously, neither android phone (both attached to wifi) had many sessions at all.
Finally, here is a view of all destinations of sessions from one of the computers. You can also see that the session count exploded from 224 to 269 w/in just a few clicks around in the interface. The highlighted IPs are Comcast's DNS servers.
Thanks for taking a look at this.