DNS resolve issue or not?
 

Since three nights ago I've only been able to access secure (https://) sites (google, facebook, mozilla support forums, etc.) but not http only sites such washingtonpost.com though I can ping it in Terminal just fine.


Quitting all browsers and running $ sudo killall -HUP mDNSResponder did not resolve the problem.

Next I tried deleting Comcrap's DNS addresses and adding both Google's and OpenDNS' primary and second addresses to the DNS Server field, and then running the above flush dns cache command again. Nada.

Running $nslookup www.washingtonpost.com 8.8.8.8 returns:

Running $ dig @8.8.8.8 www.washingtonpost.com returns:

Running $ cat /etc/resolv.conf returned:


Running $ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
and then $ sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
didn't resolve the problem either.


Today I tried running $ scutil --dns, which returned:

And then running a slightly different dig command, $ /usr/bin/dig @208.67.222.222 +time=10 debug.opendns.com txt
, returned:

And naturally, most of the technical help sites and blogs out there are non secure sites so I can't even access whatever help pages a Google search returns though I can look at them on my iPhone. The only way I'm able to get log in to FT and some other sites at home is by prefixing "https://" to the domain name. And in some of those cases I'm prompted to make a certificate exception to get the page to load though it doesn't always render properly.

Doesn't matter whether I'm on my MacBookPro or MackBook. Also doesn't matter whether I use Firefox (my preferred browser), Chrome (the one I use for development), Opera (rarely use anymore) or Safari (less rarely used). I have no problem accessing anything on the web when connecting via the code academy's router, which is also on on Comcrap, or from other public Wi-Fi access points.

I've also tried the following w/o success:

• Disabling all extensions in FF 35.x.x and rebooting
• Refreshing aka resetting FF 35.x.x to its defaults
• Upgrading FF to 38.0.5
• Deleteing the cert8.db file from my FF Profile folder and restarting FF
• Running Oynx' Maintenance and Repair tools
• Creating a new user account to see if the problem persists across users. It does.

I connect to my landlord's router via WiFi, but unfortunately she's out of town for a month so I can't simply cycle power through the router and/or modem. (Can I do this remotely on the router through Terminal somehow? If so, how can I discover the router make/model?)

Not only am I having difficulty getting anything done at home but this lack of regular access has cut me off from hulu, netflix and the ability to stream local news. :mad:

It's not been a productive day. Any suggestions gratefully accepted.

Do you have access to the circuit breakers for the landlord's portion of the building?

Don't I [bleeping] wish! :D

Well, it was a thought! :D

I redirect the dns lookups to my router, and then configure the router with the dns servers I want to use. That way I only have to manage it once for everybody.

I guess that's not easy for you since it's not your router.

Your configuration is in /etc/resolv.conf. You can change those to 8.8.8.8 and 8.8.4.4 for google dns or use opendns 208.67.222.222 and 208.67.220.220 (use network preferences on each network adapter you have configured to change them .. I think you know that.)

-David

This isn't a DNS problem. It would be helpful to do some more fundamental problem description and isolation first:
.

• What error message does your browser display when you can't get to a site?
• Does this problem occur if you use your machine(s) on a different network?
• Does this problem occur if someone else's machine is used on your network?
• List 1-2 web sites that give you a cert warning for https

This is almost certainly NOT a dns problem. DNS is responsible for converting host names to IP address - you are able to do this fine if you are able to get to HTTPS version of the site or ping.

What is the exact error when trying to connect on http?
I am quite concerned that you have to accept a certificate warning when trying to connect on https. What are the details of the certificate? Are they correct for the site?

It doesn't appear to be a DNS issue.

As far as rebooting the router, do an ifconfig, note the gateway IP address, then put that in your web browser. If they have most retail routers, it will answer an http request and show you the model. If that doesn't work, you could try telnet or ssh to see if it responds.

Then Google: routermodel default login

Hopefully you'll get lucky and they haven't changed their password. Most routers have an option to reboot somewhere in the GUI.

nameserver 208.67.222.222
nameserver 208.67.220.220

Is OpenDNS - https://www.opendns.com/

They have really good technical support.

I suspect that whomever configured that router knows what they are doing (OpenDNS is not an accidental choice), but upstream is blocking it for some reason...

Go to System Preferences --> Network --> [Select wi-fi connection] --> Advanced --> Proxies - is HTTP web proxy selected?

In case you're wondering why this isn't a DNS issue, imagine these two scenarios:

1. You ask me: "How do I get to 123 N. 1st Street, I want to take a picture when I get there."

2. You ask me: "How do I get to 123 N. 1st Street, I want to meet a friend there."

You would not get two different answers.

That's actually a really bad analogy, as you could very well get two different answers (maybe you don't want me meeting up with my friend!)

But the point you're trying to make is correct. DNS doesn't get told why you want to go to an address, so the real equivalent for the two questions about would be :

1. You ask me: "How do I get to 123 N. 1st Street"

2. You ask me: "How do I get to 123 N. 1st Street"

DNS doesn't know that the intent between the two questions is different, because it never gets told the extra information (HTTP v's HTTPS, friend v's photo)

Yes, it was really bad and technically imprecise, thanks for pointing out how dumb it was! I'm sure your example was much more instructive to the OP.