DNS resolve issue or not?
#1
Original Member
Original Poster
Join Date: May 1998
Location: PDX
Programs: TSA Refusenik charter member
Posts: 15,978
Since three nights ago I've only been able to access secure (https://) sites (google, facebook, mozilla support forums, etc.) but not http only sites such as washingtonpost.com though I can ping it in Terminal just fine.
Quitting all browsers and running $ sudo killall -HUP mDNSResponder did not resolve the problem.
Next I tried deleting Comcrap's DNS addresses and adding both Google's and OpenDNS' primary and second addresses to the DNS Server field, and then running the above flush dns cache command again. Nada.
Running $ nslookup www.washingtonpost.com 8.8.8.8 returns:
Code:
    Server: 8.8.8.8
    Address: 8.8.8.8#53

    Non-authoritative answer:
    www.washingtonpost.com canonical name = www2.washingtonpost.com.inscname.net.
    www2.washingtonpost.com.inscname.net canonical name = ins-019.inscname.net.
    Name: ins-019.inscname.net
    Address: 192.33.31.56
Running $ dig @8.8.8.8 www.washingtonpost.com returns:
Code:
    ; <<>> DiG 9.8.5-P1 <<>> @8.8.8.8 www.washingtonpost.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59660
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;www.washingtonpost.com. IN A

    ;; ANSWER SECTION:
    www.washingtonpost.com. 120 IN CNAME www2.washingtonpost.com.inscname.net.
    www2.washingtonpost.com.inscname.net. 186 IN CNAME ins-019.inscname.net.
    ins-019.inscname.net. 3186 IN A 192.33.31.56

    ;; Query time: 40 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Thu Jun 25 16:25:13 PDT 2015
    ;; MSG SIZE rcvd: 128
Running $ cat /etc/resolv.conf returned:
Code:
    #
    # Mac OS X Notice
    #
    # This file is not used by the host name and address resolution
    # or the DNS query routing mechanisms used by most processes on
    # this Mac OS X system.
    #
    # This file is automatically generated.
    #
    domain hsd1.or.comcast.net.
    nameserver 208.67.222.222
    nameserver 208.67.220.220
Running $ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
and then $ sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
didn't resolve the problem either.
Today I tried running $ scutil --dns, which returned:
Code:
    DNS configuration

    resolver #1
      search domain[0] : hsd1.or.comcast.net
      search domain[1] : or.comcast.net
      nameserver[0] : 208.67.222.222
      nameserver[1] : 208.67.220.220

    resolver #2
      domain : local
      options : mdns
      timeout : 5
      order : 300000

    resolver #3
      domain : 254.169.in-addr.arpa
      options : mdns
      timeout : 5
      order : 300200

    resolver #4
      domain : 8.e.f.ip6.arpa
      options : mdns
      timeout : 5
      order : 300400

    resolver #5
      domain : 9.e.f.ip6.arpa
      options : mdns
      timeout : 5
      order : 300600

    resolver #6
      domain : a.e.f.ip6.arpa
      options : mdns
      timeout : 5
      order : 300800

    resolver #7
      domain : b.e.f.ip6.arpa
      options : mdns
      timeout : 5
      order : 301000

    DNS configuration (for scoped queries)

    resolver #1
      search domain[0] : hsd1.or.comcast.net
      search domain[1] : or.comcast.net
      nameserver[0] : 208.67.222.222
      nameserver[1] : 208.67.220.220
      if_index : 6 (en1)
      flags : Scoped
And then running a slightly different dig command, $ /usr/bin/dig @208.67.222.222 +time=10 debug.opendns.com txt, returned:
Code:
    ; <<>> DiG 9.8.5-P1 <<>> @208.67.222.222 +time=10 debug.opendns.com txt
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34917
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;debug.opendns.com. IN TXT

    ;; ANSWER SECTION:
    debug.opendns.com. 0 IN TXT "server 1.sea"
    debug.opendns.com. 0 IN TXT "flags 20 0 70 5950800000000000000"
    debug.opendns.com. 0 IN TXT "originid 0"
    debug.opendns.com. 0 IN TXT "actype 0"
    debug.opendns.com. 0 IN TXT "source 50.139.38.118:9370"

    ;; Query time: 2017 msec
    ;; SERVER: 208.67.222.222#53(208.67.222.222)
    ;; WHEN: Fri Jun 26 17:02:55 PDT 2015
    ;; MSG SIZE rcvd: 188
And naturally, most of the technical help sites and blogs out there are non secure sites so I can't even access whatever help pages a Google search returns though I can look at them on my iPhone. The only way I'm able to log in to FT and some other sites at home is by prefixing "https://" to the domain name. And in some of those cases I'm prompted to make a certificate exception to get the page to load though it doesn't always render properly.
Doesn't matter whether I'm on my MacBookPro or MacBook. Also doesn't matter whether I use Firefox (my preferred browser), Chrome (the one I use for development), Opera (rarely use anymore) or Safari (less rarely used). I have no problem accessing anything on the web when connecting via the code academy's router, which is also on Comcrap, or from other public Wi-Fi access points.
I've also tried the following w/o success:
• Disabling all extensions in FF 35.x.x and rebooting
• Refreshing aka resetting FF 35.x.x to its defaults
• Upgrading FF to 38.0.5
• Deleting the cert8.db file from my FF Profile folder and restarting FF
• Running OnyX' Maintenance and Repair tools
• Creating a new user account to see if the problem persists across users. It does.
I connect to my landlord's router via WiFi, but unfortunately she's out of town for a month so I can't simply cycle power through the router and/or modem. (Can I do this remotely on the router through Terminal somehow? If so, how can I discover the router make/model?)
Not only am I having difficulty getting anything done at home but this lack of regular access has cut me off from hulu, netflix and the ability to stream local news.
It's not been a productive day. Any suggestions gratefully accepted.
Last edited by essxjay; Jun 27, 2015 at 12:10 am
#5
 
Join Date: Nov 2000
Location: Upcountry Maui, HI
Posts: 13,303
I redirect the dns lookups to my router, and then configure the router with the dns servers I want to use. That way I only have to manage it once for everybody.
I guess that's not easy for you since it's not your router.
Your configuration is in /etc/resolv.conf. You can change those to 8.8.8.8 and 8.8.4.4 for google dns or use opendns 208.67.222.222 and 208.67.220.220 (use network preferences on each network adapter you have configured to change them .. I think you know that.)
-David
#6
Join Date: Aug 2006
Location: San Jose CA
Posts: 1,100
This isn't a DNS problem. It would be helpful to do some more fundamental problem description and isolation first:
- What error message does your browser display when you can't get to a site?
- Does this problem occur if you use your machine(s) on a different network?
- Does this problem occur if someone else's machine is used on your network?
- List 1-2 web sites that give you a cert warning for https
Last edited by boberonicus; Jun 27, 2015 at 1:33 am
#7
Join Date: Oct 2014
Location: London, UK
Programs: BA Exec Club Gold
Posts: 335
This is almost certainly NOT a DNS problem. DNS is responsible for converting host names to IP addresses - you are able to do this fine if you are able to get to the HTTPS version of the site or ping.
What is the exact error when trying to connect on http?
I am quite concerned that you have to accept a certificate warning when trying to connect on https. What are the details of the certificate? Are they correct for the site?
Last edited by FastTrak2Elite; Jun 27, 2015 at 1:40 am
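The layer-by-layer isolation the replies above ask for, as an added example that is not part of the original thread: it checks DNS, TCP on ports 80 and 443, and TLS certificate validation separately for each host name given on the command line. The names `probe`, `diagnose` and `ADVICE` are chosen for this example.

```python
import socket
import ssl
import sys

ADVICE = {
    "dns": "Name did not resolve: this one is a DNS problem.",
    "unreachable": "Name resolves but ports 80 and 443 do not connect: routing or filtering, not DNS.",
    "tls": "Certificate fails validation: read its issuer and subject before accepting any exception.",
    "http-blocked": "443 connects but 80 does not: plain HTTP is filtered on this network, not DNS.",
    "above-tcp": "DNS, TCP and TLS look fine: check proxy settings and the HTTP response itself.",
}

def probe(host, timeout=5.0):
    """Test each layer on its own: DNS, TCP/80, TCP/443, then TLS validation."""
    r = {"dns": None, "tcp80": False, "tcp443": False, "tls": None}
    try:
        r["dns"] = socket.gethostbyname(host)
    except OSError:
        return r
    for port in (80, 443):
        try:
            with socket.create_connection((r["dns"], port), timeout=timeout):
                r["tcp%d" % port] = True
        except OSError:
            pass
    if r["tcp443"]:
        ctx = ssl.create_default_context()  # verifies chain and hostname
        try:
            with socket.create_connection((r["dns"], 443), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host):
                    r["tls"] = "valid"
        except ssl.SSLCertVerificationError as exc:
            r["tls"] = "invalid: %s" % exc.verify_message
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            r["tls"] = "error: %s" % exc
    return r

def diagnose(r):
    """Map probe results to the first layer that fails."""
    if r["dns"] is None:
        return "dns"
    if not r["tcp80"] and not r["tcp443"]:
        return "unreachable"
    if r["tls"] not in (None, "valid"):
        return "tls"
    if not r["tcp80"]:
        return "http-blocked"
    return "above-tcp"

if __name__ == "__main__":
    for name in sys.argv[1:]:
        print(name, "->", ADVICE[diagnose(probe(name))])
```

Running it once on the affected network and once on a network that works shows which layer differs between the two.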
#8
Join Date: Dec 2009
Location: RDU
Programs: DL DM+(segs)/MM, UA Ag, Hilton DM, Marriott Ti (life Pt), TSA Opt-out Platinum
Posts: 3,222
It doesn't appear to be a DNS issue.
As far as rebooting the router, do an ifconfig, note the gateway IP address, then put that in your web browser. If they have most retail routers, it will answer an http request and show you the model. If that doesn't work, you could try telnet or ssh to see if it responds.
Then Google: routermodel default login
Hopefully you'll get lucky and they haven't changed their password. Most routers have an option to reboot somewhere in the GUI.
#9
Join Date: Jul 2006
Location: DFW, SEA and AA in between
Programs: AA-3MM-ExPLT
Posts: 1,146
nameserver 208.67.222.222
nameserver 208.67.220.220
Is OpenDNS - https://www.opendns.com/
They have really good technical support.
I suspect that whoever configured that router knows what they are doing (OpenDNS is not an accidental choice), but upstream is blocking it for some reason...
#10
FlyerTalk Evangelist
Join Date: Apr 2009
Location: Bye Delta
Programs: AA EXP, HH Diamond, IHG Plat, Hyatt Plat, Marriott Plat, Nat'l Exec Elite, Avis Presidents Club
Posts: 16,264
Go to System Preferences --> Network --> [Select wi-fi connection] --> Advanced --> Proxies - is HTTP web proxy selected?
#11
Join Date: Aug 2006
Location: San Jose CA
Posts: 1,100
In case you're wondering why this isn't a DNS issue, imagine these two scenarios:
1. You ask me: "How do I get to 123 N. 1st Street, I want to take a picture when I get there."
2. You ask me: "How do I get to 123 N. 1st Street, I want to meet a friend there."
You would not get two different answers.
#12
Join Date: Jul 2007
Location: San Francisco/Sydney
Programs: UA 1K/MM, Hilton Diamond, Marriott Something, IHG Gold, Hertz PC, Avis PC
Posts: 8,147
In case you're wondering why this isn't a DNS issue, imagine these two scenarios:
1. You ask me: "How do I get to 123 N. 1st Street, I want to take a picture when I get there."
2. You ask me: "How do I get to 123 N. 1st Street, I want to meet a friend there."
You would not get two different answers.
But the point you're trying to make is correct. DNS doesn't get told why you want to go to an address, so the real equivalent for the two questions above would be:
1. You ask me: "How do I get to 123 N. 1st Street"
2. You ask me: "How do I get to 123 N. 1st Street"
DNS doesn't know that the intent between the two questions is different, because it never gets told the extra information (HTTP vs HTTPS, friend vs photo).
#13
Join Date: Aug 2006
Location: San Jose CA
Posts: 1,100