• Status: Solved

Some Websites blocked on Network - DNS?

There are some websites that we can't go to from any PC or from the Server.  There is nothing blocked in the router.  I disabled the firewall and still couldn't get to some websites (unless I needed to reboot the server and/or router to effect this change???)

From a cmd window I can ping wildblue.net and I get a response.

If I use NSLOOKUP this is what I get:

Server: Wildblue.net
Addresses:  66.249.81.121
                    64.233.179.121
                    72.14.207.121

          DNS Request Timed Out
          Timeout was 2 seconds
  ****Request to wildblue.net  timed out

I cannot go to the website using any of the listed IP addresses.

Can anyone tell me what is wrong?

Thanks in advance
         
Asked by: wndata

Chris Dent (PowerShell Developer) Commented:

agriesser Commented:
To make sure that this is not a DNS related issue:

Try to add the following line to c:\windows\system32\drivers\etc\hosts:

66.249.81.121 wildblue.net

Save this file and try to connect with your browser again.

Chris Dent (PowerShell Developer) Commented:

Oops, didn't realise that link was quite so huge. Horrible thing, sorry about that.

Chris
 
wndata (Author) Commented:
I will try these suggestions tomorrow and report back!

Thanks!

agriesser Commented:
Any updates on this one?

wndata (Author) Commented:
Hello again,

I checked agriesser's suggestion and added the line to the hosts file.  No joy.

I couldn't use the link supplied by Chris-Dent because it is from the wildblue site.  I will try it from another computer.   I did try opening port 8443 in the router but there was no change in the behavior.

In case it's of any help, that system uses a Linksys router BEFSX41.

Thanks!

Anne

agriesser Commented:
OK, then can you try to telnet to that port? By doing this we would definitely know if it's a connection issue or something else.

Start -> Run -> cmd

telnet www.wildblue.net 80
<Enter>
<Enter>
You should be able to press enter multiple times (quit by writing "QUIT" and press Enter multiple times after that).

Then try to connect to the myaccounts site:

telnet myaccount.wildblue.net 8443
<Enter>
<Enter>

Chris Dent (PowerShell Developer) Commented:

Running Tracert to myaccount.wildblue.net would be interesting as well. Just in case, that's:

tracert myaccount.wildblue.net

All hops and the destination respond to ICMP, which helps :)

Chris

wndata (Author) Commented:
Okay - I am scheduled to be back at that office tomorrow and I will try your suggestions.

I was giving this more thought and I came up with something that might have something to do with this problem.  Another tech set up VPN access and, of course, made several changes in Port Forwarding in the router.  This inability to go to websites did not coincide with his VPN setup but I wonder if these websites are now trying to use one of the ports he redirected.  Possible?  If so,  I will get into the router on Thursday and tell you what the setup is.

Thanks very much!

Chris Dent (PowerShell Developer) Commented:

Yep, it is possible. Especially considering this particular web site feels the need to use 8443 instead of the default ports.

Chris

agriesser Commented:
That mostly depends on what kind of router is working at your office.
Nowadays, in times of stateful packet filtering, no ports should be wrongly redirected anymore (especially not the usual reply ports above 1024, but we'll see when you get to your router).

wndata (Author) Commented:
Agriesser - I was able to telnet www.wildblue.net 80.  It connected and I could press Enter without popping out to a DOS prompt.    QUIT and Enter several times got me out.

When I tried telnet myaccount.wildblue.net 8443:  I got an underscore prompt but when I pressed Enter a couple of times it popped out to a DOS prompt.

I don't know much about port triggers so I may not have 8443 open.  I will attach a screen shot of the Forwarding page, the Port Triggering page and the UPnP Forwarding page from the router.

Perhaps you can tell me if something I or the guy that set up the VPN did is wrong.

Thanks so much!
Forwarding-Screen.doc

wndata (Author) Commented:
Chris-Dent

Here is the tracert to myaccount.wildblue.net.  Looks like it gets there but...
It looks a little funky when I paste the text in this window so I will also attach the text file.

Tracing route to myaccount.wildblue.net [64.106.208.167]
over a maximum of 30 hops:

  1    62 ms    61 ms    61 ms  10.34.2.1
  2    61 ms    60 ms    60 ms  so-0-1-1-0.CORE-RTR1.CHI01.verizon-gni.net [130.81.16.100]
  3    61 ms    61 ms    61 ms  so-7-2-0-0.BB-RTR1.CHI01.verizon-gni.net [130.81.20.56]
  4    61 ms    61 ms    61 ms  0.so-0-0-0.XT1.CHI4.ALTER.NET [152.63.0.229]
  5    85 ms    85 ms    85 ms  0.so-7-1-0.XL1.EWR6.ALTER.NET [152.63.16.193]
  6    85 ms    85 ms    84 ms  POS6-0.GW1.EWR17.ALTER.NET [152.63.28.82]
  7    85 ms    85 ms    86 ms  datapipe-gw.customer.alter.net [157.130.254.162]
  8    86 ms    85 ms    85 ms  vl12.dist1-4.ewr.datapipe.net [64.106.128.22]
  9    87 ms    87 ms   202 ms  vl61.dist1-2.smq.datapipe.net [64.106.128.236]
 10    86 ms    87 ms    85 ms  64.106.208.167

Trace complete.


tracert.txt

agriesser Commented:
Try to delete the http 8443 port triggering for testing purposes.

agriesser Commented:
Or try to change it to read https 8443 8443.

wndata (Author) Commented:
Okay - then try the telnet again?

wndata (Author) Commented:
I changed the entry to https and tried the telnet myaccount.wildblue.net 8443 - it was same as before.

agriesser Commented:
Try to access the site with your web browser now. The telnet command was just a debugging thing.
In the end, you should be able to access this site with your web browser, so do the modifications as suggested above and after each modification, try to browse to this website.

wndata (Author) Commented:
Agriesser - Whoohoo! - I can go to myaccount.wildblue.net!  I will have the other users try the other unreachable websites but maybe it's fixed!  I'll award you the points and lots of appreciation from me for your help!

wndata (Author) Commented:
Thanks again!

agriesser Commented:
If it's not absolutely necessary, try to remove this entry.

If another site has to be accessed with http://aaa.com:443 it will fail again.

agriesser Commented:
Sorry, I meant http://aaa.com:8443

wndata (Author) Commented:
Sorry ... not sure what you mean.

agriesser Commented:
The problem is that with the old configuration, the router accepted only http traffic to port 8443 (why ever this was configured that way).
myaccount.wildblue.net used an SSL connection (https) on port 8443 to work properly and the router recognized that the traffic directed to port 8443 on the other end was not HTTP but HTTPS and therefore the connection didn't work out.

If you now change it to https 8443 8443, it allows for outgoing HTTPS traffic to port 8443, but if you ever encounter a website whose URL is http://somesite.com:8443, it refuses again to load on your clients, because it isn't HTTPS (that's what the router would have expected).

I don't know why this port triggering configuration has been established in your environment, but I'd roll that issue up with the guy who set up this VPN and ask him about the details why this configuration has been made.

You will definitely be more flexible if you simply remove this line in case of troubles.
If it's desired to control what traffic goes to what port, it's perfectly fine, but please keep in mind (read: write down) what you need to do in such a case because the same issue might arise in the future again.
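
The checks used in this thread (the hosts entry, telnet to ports 80 and 8443, then the browser) each test one layer of the connection. As an added example, not part of the original thread or any poster's code, the Python function below reports the first layer that fails; the name `probe` and its result labels are assumptions made for this example.

```python
import socket
import ssl


def probe(host, port, use_tls=False, timeout=3.0):
    """Return the first layer that fails: 'dns', 'tcp', 'tls', 'no-reply', or 'ok'.

    `probe` and these labels are names chosen for this example.
    """
    try:
        # Layer 1: name resolution (the step a hosts-file entry bypasses).
        family, kind, proto, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror:
        return "dns"

    sock = socket.socket(family, kind, proto)
    sock.settimeout(timeout)
    stage = "tcp"
    try:
        # Layer 2: TCP handshake (what a successful telnet connect proves).
        sock.connect(addr)
        if use_tls:
            # Layer 3: TLS handshake. Certificate checks are disabled because
            # this tests reachability only, never server identity.
            stage = "tls"
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            sock = ctx.wrap_socket(sock, server_hostname=host)
        # Layer 4: send a minimal HTTP request and wait for any byte back.
        stage = "no-reply"
        request = "HEAD / HTTP/1.0\r\nHost: {}\r\n\r\n".format(host)
        sock.sendall(request.encode("ascii"))
        return "ok" if sock.recv(1) else "no-reply"
    except OSError:  # covers refused or timed-out sockets and ssl.SSLError
        return stage
    finally:
        sock.close()
```

A port that returns "no-reply" in plain mode but "ok" with `use_tls=True` is reachable and simply expects HTTPS, which matches a telnet session that connects and then drops on the first Enter.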

wndata (Author) Commented:
I would like to follow up on your detailed explanation to make sure I understand but I am about to be late to another appointment.  I think I have a question but don't have time to really read your post.  If it's okay I will read it again later and respond.  Thanks!
