
Can't access some websites

Question

Gabe84    57

Yesterday I started having a weird problem with my connection: when I try to access OneDrive, Office Web Apps, Calendar and Contacts I cannot connect. However, I can connect and use Outlook.com, but I can't use the search function in the mail; my browser keeps loading the page without displaying it. This happens with two other sites, the OpenDNS website and an Italian website, subito.it

 

I use Lubuntu 14.04 fully updated, my main browser is Firefox 36.0.1 with LastPass, Ghostery, AdBlock Plus, HTTPS Everywhere, X-Notifier, EPUBReader and Ubuntu Firefox Modifications 3.0; Ghostery and ABP are disabled on Microsoft websites as I found that they don't allow Outlook.com and others to work properly. I tried to disable HTTPS Everywhere but it didn't change anything.

 

That's the same exact configuration I had 2 days ago when all those sites worked perfectly.

 

I tried with Midori and Opera, without extensions, and those sites don't work either.

Edit: I tried using Chrome, those sites don't load either.

 

When I started having this problem I had OpenDNS, I changed them to Google Public DNS and it still didn't work, I changed again to my ISP DNS and I still can't get those sites to work.

 

Here's something even stranger, if I use Tor Browser, no matter what DNS I use, I can reach and use those sites flawlessly, I don't know about OneDrive as I don't log in using TOR, but Tor Browser displays the site quickly and without any problem.

 

Besides this my connection works perfectly, every other site works and other protocols work too.

 

Do you have any idea why this happens?


  • 0
+BudMan    3,737

Dude you're not having any problems resolving anything..  I saw no issues in your sniff about not getting an answer.. So not sure how you think this is a dns issue..

 

This is what your issue is - which is NOT DNS!!!

 

post-14624-0-31303900-1426928284.png

 

You are sending hey I want to talk, and getting no answer.. You already looked up an IP..  Now it's possible this IP could be bad, depending on what your ISP cached, etc.  But that opendns.com is the same IP address I get, and can talk to and get back redirect, etc..

 

Here is the thing you can always ask a dns server directly for the IP.

 

so here is name servers for opendns.com

 

C:\>dig opendns.com NS

; <<>> DiG 9.10.2 <<>> opendns.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1489
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;opendns.com.                   IN      NS

;; ANSWER SECTION:
opendns.com.            604800  IN      NS      auth1.opendns.com.
opendns.com.            604800  IN      NS      auth2.opendns.com.
opendns.com.            604800  IN      NS      auth3.opendns.com.


;; ADDITIONAL SECTION:
auth1.opendns.com.      172800  IN      A       208.69.39.2
auth2.opendns.com.      172800  IN      A       67.215.92.66
auth3.opendns.com.      172800  IN      A       208.69.39.2


;; Query time: 201 msec
;; SERVER: 192.168.1.253#53(192.168.1.253)
;; WHEN: Sat Mar 21 03:59:56 Central Daylight Time 2015
;; MSG SIZE  rcvd: 148

 

So I can ask them DIRECTLY for the IP address of www.opendns.com

 

C:\>dig @208.69.39.2 www.opendns.com                                  
                                                                      
; <<>> DiG 9.10.2 <<>> @208.69.39.2 www.opendns.com                   
; (1 server found)                                                    
;; global options: +cmd                                               
;; Got answer:                                                        
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14618             
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3  
;; WARNING: recursion requested but not available                     
                                                                      
;; QUESTION SECTION:                                                  
;www.opendns.com.               IN      A                             
                                                                      
;; ANSWER SECTION:                                                    
www.opendns.com.        600     IN      A       67.215.92.219         
                                                                      
;; AUTHORITY SECTION:                                                 
opendns.com.            604800  IN      NS      auth1.opendns.com.    
opendns.com.            604800  IN      NS      auth2.opendns.com.    
opendns.com.            604800  IN      NS      auth3.opendns.com.    
                                                                      
;; ADDITIONAL SECTION:                                                
auth1.opendns.com.      172800  IN      A       208.69.39.2           
auth2.opendns.com.      172800  IN      A       67.215.92.66          
auth3.opendns.com.      172800  IN      A       208.69.39.2           
                                                                      
;; Query time: 11 msec                                                
;; SERVER: 208.69.39.2#53(208.69.39.2)                                
;; WHEN: Sat Mar 21 04:01:28 Central Daylight Time 2015               
;; MSG SIZE  rcvd: 157    

 

That is the IP I get, that is the IP you were trying to access, etc..  But you're sending hello and not getting an answer, that is NOT a dns problem.. That is a connectivity or them blocking you problem.

 

As to your isp dns sucking.. I didn't say that, that is your machine asking both of them at the same time, which is fine.. But your machine is also sending back a hey basically a you got beat message and telling him the port I asked you from is closed.. Which to be honest he gives 2 ###### about, and you're just sending back a packet for no reason.  Not good setup for performance in the big picture.

 

I don't use that linux distro, so have no idea what it's doing for dns.  It's clearly running a caching/forwarder on your loopback, and then sending those queries to your isp dns.  Which is fine, unless yes your isp dns suck - which quite often they do.  Some of them even break rfcs and store stuff longer than the ttls, etc.  I run my own resolver, I will go find dns from the authoritative directly thank you very much, and will at the same time validate its dnssec if setup, etc.

 

DNS is one of my favorite subjects, and the issue of your contacting the CDN box where some of the files of that website subito are stored in the above example has nothing to do with dns in that you're asking for the IP of an address and getting that IP back in a timely manner.  Now could that IP be wrong?? That is very good question.  But clearly the opendns.com one is same for both of us, and works for me.  Now if you're in Italy, maybe you're supposed to talk to a different one?  But my server in Luxembourg resolves the same IP.  And grabs the file just fine.. So that clearly is not dns related problem.

 

root@ns2:/tmp# wget www.opendns.com
--2015-03-21 05:15:04--  http://www.opendns.com/
Resolving www.opendns.com (www.opendns.com)... 2620:0:cc1:115::219, 67.215.92.219
Connecting to www.opendns.com (www.opendns.com)|2620:0:cc1:115::219|:80... connected.
HTTP request sent, awaiting response... 301 https://www.opendns.com/
Location: https://www.opendns.com/ [following]
--2015-03-21 05:15:04--  https://www.opendns.com/
Connecting to www.opendns.com (www.opendns.com)|2620:0:cc1:115::219|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: 'index.html'

    [ <=>                                                                                                                  ] 49,657       296KB/s   in 0.2s

2015-03-21 05:15:06 (296 KB/s) - 'index.html' saved [49657]

Oh just noticed that used IPv6, here this is via ipv4

root@ns2:/tmp# wget -4 www.opendns.com
--2015-03-21 05:18:15--  http://www.opendns.com/
Resolving www.opendns.com (www.opendns.com)... 67.215.92.219
Connecting to www.opendns.com (www.opendns.com)|67.215.92.219|:80... connected.
HTTP request sent, awaiting response... 301 https://www.opendns.com/
Location: https://www.opendns.com/ [following]
--2015-03-21 05:18:15--  https://www.opendns.com/
Connecting to www.opendns.com (www.opendns.com)|67.215.92.219|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: 'index.html.1'

    [ <=>                                                                                                                  ] 50,361       323KB/s   in 0.2s

2015-03-21 05:18:17 (323 KB/s) - 'index.html.1' saved [50361]
 

 

Your problem with opendns.com is your ISP connectivity or them blocking you.  I would call your isp about it, and since you're having connectivity issues to other sites as well it seems odd that you're blocked, so really points to isp problem.

 

As to how your linux is setup for dns.. What exact distro are you using, and I will fire it up and take a look at what it does.  I use ubuntu a lot, but not with a gui.. I just use shell, I don't even have a linux gui installed.. Maybe I do have a vm of mint around.

 

So for example part of that sbito site is stored on CDN akamaiedge.net, this is a HUGE CDN dude, they serve up a large chunk of the internet.  http://en.wikipedia.org/wiki/Akamai_Technologies  It's quite possible your isp network is having problems connecting to their networks, or portions of it, etc.  I would suggest you call your isp about your problem.

  • 0
+BudMan    3,737

Not a huge tor guy, but when using tor - doesn't the exit point do the dns request for you?  So it doesn't matter what your client is set for with dns.  The exit node does the dns from my understanding, like a proxy.

 

I would check that your client can do dns, using dig or drill or nslookup on your linux box - what do you get for sites that are not working.

 

Say for example

 

budman@ubuntu:~$ dig www.opendns.com

; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> www.opendns.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22335
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.opendns.com.               IN      A

;; ANSWER SECTION:
www.opendns.com.        600     IN      A       67.215.92.219

;; AUTHORITY SECTION:
opendns.com.            604800  IN      NS      auth1.opendns.com.
opendns.com.            604800  IN      NS      auth2.opendns.com.
opendns.com.            604800  IN      NS      auth3.opendns.com.

;; ADDITIONAL SECTION:
auth1.opendns.com.      172800  IN      A       208.69.39.2
auth2.opendns.com.      172800  IN      A       67.215.92.66
auth3.opendns.com.      172800  IN      A       208.69.39.2

;; Query time: 253 msec
;; SERVER: 192.168.1.253#53(192.168.1.253)
;; WHEN: Fri Mar 20 07:33:01 CDT 2015
;; MSG SIZE  rcvd: 168

 

When you have issues with different browsers, it really points to dns related problem.  Since the common thread is they all have to do dns to go to where you wanting to go.
 

  • 0
Gabe84    57


Thanks, this is what I get

 

live.com

 

 

dig www.live.com

; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> www.live.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49399
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.live.com.            IN    A

;; ANSWER SECTION:
www.live.com.        21    IN    CNAME    mail.live.com.
mail.live.com.        793    IN    CNAME    dispatch.kahuna.glbdns2.microsoft.com.
dispatch.kahuna.glbdns2.microsoft.com. 98 IN A    157.56.122.211
dispatch.kahuna.glbdns2.microsoft.com. 98 IN A    157.55.235.50

;; AUTHORITY SECTION:
glbdns2.microsoft.com.    36    IN    NS    glb2.glbdns2.microsoft.com.
glbdns2.microsoft.com.    36    IN    NS    glb1.glbdns2.microsoft.com.

;; ADDITIONAL SECTION:
glb1.glbdns2.microsoft.com. 36    IN    A    204.79.195.17
glb1.glbdns2.microsoft.com. 36    IN    AAAA    2a01:111:2002::17
glb2.glbdns2.microsoft.com. 36    IN    A    65.55.117.17
glb2.glbdns2.microsoft.com. 36    IN    AAAA    2a01:111:2bad::17

;; Query time: 23 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Fri Mar 20 14:51:05 CET 2015
;; MSG SIZE  rcvd: 266

 

 

OpenDNS

 

 

; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> www.opendns.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65100
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.opendns.com.        IN    A

;; ANSWER SECTION:
www.opendns.com.    191    IN    A    67.215.92.219

;; AUTHORITY SECTION:
opendns.com.        66395    IN    NS    auth2.opendns.com.
opendns.com.        66395    IN    NS    auth3.opendns.com.
opendns.com.        66395    IN    NS    auth1.opendns.com.

;; ADDITIONAL SECTION:
auth1.opendns.com.    66395    IN    A    208.69.39.2
auth2.opendns.com.    66395    IN    A    67.215.92.66
auth3.opendns.com.    150372    IN    A    208.69.39.2

;; Query time: 22 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Fri Mar 20 14:52:43 CET 2015
;; MSG SIZE  rcvd: 168

 

www.subito.it

 

; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> www.subito.it
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24472
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.subito.it.            IN    A

;; ANSWER SECTION:
www.subito.it.        496    IN    A    212.31.252.70

;; AUTHORITY SECTION:
subito.it.        8669    IN    NS    ns2.register.it.
subito.it.        8669    IN    NS    ns1.register.it.

;; ADDITIONAL SECTION:
ns1.register.it.    70249    IN    A    195.110.124.140
ns2.register.it.    69844    IN    A    213.92.11.34

;; Query time: 21 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Fri Mar 20 14:53:28 CET 2015
;; MSG SIZE  rcvd: 135

 

 

Do you see something strange?

  • 0
+BudMan    3,737

The only thing that jumps out at me is those are all cached entries, you notice the ttls are less than a ttl that you would get if the authoritative dns was queried. So do you forward your queries to your isp, or you using full resolver?

 

So you can not get to www.opendns.com?

 

Can you ping that ip for say opendns

 

budman@ubuntu:~$ ping 67.215.92.219
PING 67.215.92.219 (67.215.92.219) 56(84) bytes of data.
64 bytes from 67.215.92.219: icmp_seq=1 ttl=51 time=60.6 ms
64 bytes from 67.215.92.219: icmp_seq=2 ttl=51 time=61.8 ms
 

Since you seem to resolve, it's possible you're having a connectivity issue to those networks, or your isp is having problems, etc.  If you can resolve them, but can not ping them (not all sites will answer ping) but you can see the www.opendns.com one does.

 

Are you currently having the problem?  Or does it come and go?  It's possible they are blocking your IP for some reason - this would also explain why it works with tor.  Since you're coming from different IP.  I'm a big fan of just doing a sniff and see exactly what is happening.  This should show you query for whatever fqdn you might be going to and validate that that resolving everything that might be linked in a site, etc.  And that might see any errors a site might send back that your browser is not showing you.

 

Wireshark is great tool for this, or just tcpdump, etc.  More than happy to take a look see if you're not a big sniffer reader.  I would say reboot your machine so you're sure everything in cache both browser and dns locally.  Then fire up your sniffer, then try going to different sites.  We should then see what exactly is going on.

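The TTL observation in the post above (cached answers carry a TTL below the authoritative one), together with the earlier remark that some ISP resolvers keep records longer than their TTLs, can be checked mechanically. This is an added example, not part of the original posts: the function name `ttl_compare` and the sample records are constructed here (the opendns.com TTLs mirror values shown in this thread, the example.net record is invented to show the violation case).

```shell
#!/bin/sh
# Added example: compare record TTLs from an authoritative server with those
# returned by the resolver under test.
#   $1 = saved output of: dig @<authoritative-server> <name>
#   $2 = saved output of: dig <name>          (answered by the local resolver)
# Output, one line per record present in both files:
#   <name> <type> <rdata> ttl=<resolver ttl> auth_ttl=<authoritative ttl> <verdict>
ttl_compare() {
    awk '
    /^;/ || NF < 5 { next }                       # skip dig comments and blank lines
    {   # key = owner name + record type + rdata (the TTL itself is excluded)
        key = $1 " " $4
        for (i = 5; i <= NF; i++) key = key " " $i
    }
    FILENAME == ARGV[1] { auth[key] = $2; next }  # first file: remember authoritative TTL
    !(key in auth)      { next }                  # record not seen authoritatively
    {
        if ($2 + 0 == auth[key] + 0)     v = "FULL_TTL"                  # freshly fetched
        else if ($2 + 0 < auth[key] + 0) v = "CACHED"                    # counting down in a cache
        else                             v = "TTL_EXCEEDS_AUTHORITATIVE" # resolver stretched the TTL
        printf "%s ttl=%d auth_ttl=%d %s\n", key, $2, auth[key], v
    }' "$1" "$2"
}

# Constructed sample: what the authoritative servers hand out.
sample_authoritative() {
cat <<'EOF'
;; ANSWER SECTION:
www.opendns.com.        600     IN      A       67.215.92.219
auth1.opendns.com.      172800  IN      A       208.69.39.2
static.example.net.     300     IN      A       192.0.2.80
EOF
}

# Constructed sample: what a caching resolver returned for the same names.
sample_resolver() {
cat <<'EOF'
;; ANSWER SECTION:
www.opendns.com.    191    IN    A    67.215.92.219
auth1.opendns.com.    66395    IN    A    208.69.39.2
static.example.net.    3600    IN    A    192.0.2.80
EOF
}

# Demo run on the constructed samples.
auth_file=$(mktemp); res_file=$(mktemp)
sample_authoritative > "$auth_file"; sample_resolver > "$res_file"
ttl_compare "$auth_file" "$res_file"
rm -f "$auth_file" "$res_file"
```

A `CACHED` verdict is normal for any forwarding setup; only `TTL_EXCEEDS_AUTHORITATIVE` suggests the resolver is not honouring the zone's TTL (or that the zone's TTL changed between the two queries).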
  • 0
Gabe84    57

This is what I get with ping:

live.com
 

ping 157.56.122.211
PING 157.56.122.211 (157.56.122.211) 56(84) bytes of data.
64 bytes from 157.56.122.211: icmp_seq=1 ttl=236 time=42.5 ms
64 bytes from 157.56.122.211: icmp_seq=2 ttl=236 time=41.5 ms

--- 157.56.122.211 ping statistics ---
460 packets transmitted, 459 received, 0% packet loss, time 459615ms
rtt min/avg/max/mdev = 41.455/69.944/316.969/46.247 ms

 

opendns
 

ping 67.215.92.219
PING 67.215.92.219 (67.215.92.219) 56(84) bytes of data.

 

subito.it

 

ping 212.31.252.70
PING 212.31.252.70 (212.31.252.70) 56(84) bytes of data.

 

 

I've installed Wireshark, but it tells me "No interface can be used for capturing in this system with the current configuration", tcpdump on the other hand works, I've root privileges and I tried

tcpdump -i eth0

it displays an enormous amount of data, which to my eyes is a mix of ancient chinese and arabic, is there a more specific command? What should I copy/paste?

 

As for your question regarding forwarding to ISP or using a full resolver, well.... I have no idea what these are XD, I'm just connected via ethernet using my ISP's DNS servers at the moment and I'm not using Tor. I've been having this problem non stop since yesterday.

 

Thanks again!

 

Edit: I have no idea if this is right or wrong but I launched this in terminal:

tcpdump -i eth0 host 67.215.92.219

which is OpenDNS, I tried to connect via browser to www.opendns.com and nothing happened, then in the address bar I typed the IP and in terminal I got this

 

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
17:17:12.679995 IP 10.161.185.29.33317 > 67.215.92.219.http: Flags [S], seq 319950363, win 29200, options [mss 1460,sackOK,TS val 339511 ecr 0,nop,wscale 7], length 0
17:17:13.679719 IP 10.161.185.29.33317 > 67.215.92.219.http: Flags [S], seq 319950363, win 29200, options [mss 1460,sackOK,TS val 339761 ecr 0,nop,wscale 7], length 0
17:17:15.683711 IP 10.161.185.29.33317 > 67.215.92.219.http: Flags [S], seq 319950363, win 29200, options [mss 1460,sackOK,TS val 340262 ecr 0,nop,wscale 7], length 0
17:17:19.691707 IP 10.161.185.29.33317 > 67.215.92.219.http: Flags [S], seq 319950363, win 29200, options [mss 1460,sackOK,TS val 341264 ecr 0,nop,wscale 7], length 0
17:17:20.525998 IP 10.161.185.29.33318 > 67.215.92.219.http: Flags [S], seq 1872122212, win 29200, options [mss 1460,sackOK,TS val 341472 ecr 0,nop,wscale 7], length 0
17:17:20.776171 IP 10.161.185.29.33319 > 67.215.92.219.http: Flags [S], seq 3028100570, win 29200, options [mss 1460,sackOK,TS val 341535 ecr 0,nop,wscale 7], length 0
17:17:21.523712 IP 10.161.185.29.33318 > 67.215.92.219.http: Flags [S], seq 1872122212, win 29200, options [mss 1460,sackOK,TS val 341722 ecr 0,nop,wscale 7], length 0
17:17:21.775719 IP 10.161.185.29.33319 > 67.215.92.219.http: Flags [S], seq 3028100570, win 29200, options [mss 1460,sackOK,TS val 341785 ecr 0,nop,wscale 7], length 0
17:17:23.527710 IP 10.161.185.29.33318 > 67.215.92.219.http: Flags [S], seq 1872122212, win 29200, options [mss 1460,sackOK,TS val 342223 ecr 0,nop,wscale 7], length 0
17:17:23.779705 IP 10.161.185.29.33319 > 67.215.92.219.http: Flags [S], seq 3028100570, win 29200, options [mss 1460,sackOK,TS val 342286 ecr 0,nop,wscale 7], length 0
17:17:27.531726 IP 10.161.185.29.33318 > 67.215.92.219.http: Flags [S], seq 1872122212, win 29200, options [mss 1460,sackOK,TS val 343224 ecr 0,nop,wscale 7], length 0
17:17:27.707716 IP 10.161.185.29.33317 > 67.215.92.219.http: Flags [S], seq 319950363, win 29200, options [mss 1460,sackOK,TS val 343268 ecr 0,nop,wscale 7], length 0
17:17:27.787738 IP 10.161.185.29.33319 > 67.215.92.219.http: Flags [S], seq 3028100570, win 29200, options [mss 1460,sackOK,TS val 343288 ecr 0,nop,wscale 7], length 0
17:17:35.547731 IP 10.161.185.29.33318 > 67.215.92.219.http: Flags [S], seq 1872122212, win 29200, options [mss 1460,sackOK,TS val 345228 ecr 0,nop,wscale 7], length 0
17:17:35.803720 IP 10.161.185.29.33319 > 67.215.92.219.http: Flags [S], seq 3028100570, win 29200, options [mss 1460,sackOK,TS val 345292 ecr 0,nop,wscale 7], length 0
17:17:43.755719 IP 10.161.185.29.33317 > 67.215.92.219.http: Flags [S], seq 319950363, win 29200, options [mss 1460,sackOK,TS val 347280 ecr 0,nop,wscale 7], length 0
17:17:51.563727 IP 10.161.185.29.33318 > 67.215.92.219.http: Flags [S], seq 1872122212, win 29200, options [mss 1460,sackOK,TS val 349232 ecr 0,nop,wscale 7], length 0
17:17:51.819719 IP 10.161.185.29.33319 > 67.215.92.219.http: Flags [S], seq 3028100570, win 29200, options [mss 1460,sackOK,TS val 349296 ecr 0,nop,wscale 7], length 0
17:18:15.819721 IP 10.161.185.29.33317 > 67.215.92.219.http: Flags [S], seq 319950363, win 29200, options [mss 1460,sackOK,TS val 355296 ecr 0,nop,wscale 7], length 0
17:18:23.627724 IP 10.161.185.29.33318 > 67.215.92.219.http: Flags [S], seq 1872122212, win 29200, options [mss 1460,sackOK,TS val 357248 ecr 0,nop,wscale 7], length 0
17:18:23.883740 IP 10.161.185.29.33319 > 67.215.92.219.http: Flags [S], seq 3028100570, win 29200, options [mss 1460,sackOK,TS val 357312 ecr 0,nop,wscale 7], length 0

 

  • 0
+BudMan    3,737

That looks like an attempt at making the connection but no ack back, so they did not answer you.  You should see something like this in a normal connection.  It's much easier to read if you're going to use tcpdump to capture just write it to a file and then open the file in wireshark.

 

So from what you posted you're sending the syn (hey lets talk), but you don't get an answer.  When you want to talk to a server via tcp there is a handshake - syn, syn ack, ack

 

So you see here I talk to it on http, syn, syn ack (they answered) then I send back ack to that and then ask for website that GET / HTTP/1.1, and the server sends back hey this has been moved 301, use https://www.opendns.com

 

So then you see it start to talk on https (443) same syn, syn ack, ack and then they exchange some key info, etc. etc..

 

post-14624-0-36728900-1426872068.png

 

From what you posted you're not getting back a syn ack to your syn even.  Are you blocking the traffic in anything?  Can you sniff on public side of your router?  Try doing just a wget from your linux box.

 

So for example

 

budman@ubuntu:/tmp$ rm index.html*
budman@ubuntu:/tmp$ wget http://www.opendns.com
--2015-03-20 12:19:27--  http://www.opendns.com/
Resolving www.opendns.com (www.opendns.com)... 67.215.92.219, 2620:0:cc1:115::219
Connecting to www.opendns.com (www.opendns.com)|67.215.92.219|:80... connected.
HTTP request sent, awaiting response... 301 https://www.opendns.com/
Location: https://www.opendns.com/ [following]
--2015-03-20 12:19:27--  https://www.opendns.com/
Connecting to www.opendns.com (www.opendns.com)|67.215.92.219|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to:

post-14624-0-75303800-1426872355.png

post-14624-0-97128100-1426872931.png

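The handshake reading described in the post above (SYN sent, SYN-ACK expected back) can be automated over tcpdump's text output. This is an added example, not part of the original posts: the function name `handshake_summary` and the capture lines are constructed here, using documentation addresses, and it goes one step beyond the thread by also separating a reset (RST) from plain silence.

```shell
#!/bin/sh
# Added example: classify TCP connection attempts seen in tcpdump text output.
# Input : lines as printed by tcpdump (for example: tcpdump -n -i eth0 host <ip>), on stdin.
# Output: one line per client flow that sent a SYN:
#   <client> > <server> syn=<count> <SYN_ACK|RESET|NO_REPLY>
handshake_summary() {
    awk '
    ($2 == "IP" || $2 == "IP6") && $4 == ">" {
        src = $3
        dst = $5; sub(/:$/, "", dst)          # strip the trailing colon
        flags = ""
        for (i = 6; i < NF; i++)
            if ($i == "Flags") { flags = $(i + 1); sub(/,$/, "", flags); break }

        if (flags == "[S]") {                 # client SYN (first try or retransmit)
            key = src " > " dst
            if (!(key in syn)) order[++n] = key
            syn[key]++
        } else if (flags == "[S.]") {         # SYN-ACK: server answered
            reply[dst " > " src] = "SYN_ACK"
        } else if (flags ~ /^\[R/) {          # RST: port closed or actively rejected
            key = dst " > " src
            if (!(key in reply)) reply[key] = "RESET"
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            printf "%s syn=%d %s\n", k, syn[k], (k in reply) ? reply[k] : "NO_REPLY"
        }
    }'
}

# Constructed sample capture (RFC 5737 documentation addresses):
#   flow 1: SYN retransmitted three times, never answered
#   flow 2: normal handshake
#   flow 3: SYN answered with a reset
sample_capture() {
cat <<'EOF'
17:17:12.679995 IP 192.0.2.10.33317 > 198.51.100.7.80: Flags [S], seq 319950363, win 29200, options [mss 1460,sackOK,TS val 339511 ecr 0,nop,wscale 7], length 0
17:17:13.679719 IP 192.0.2.10.33317 > 198.51.100.7.80: Flags [S], seq 319950363, win 29200, options [mss 1460,sackOK,TS val 339761 ecr 0,nop,wscale 7], length 0
17:17:15.683711 IP 192.0.2.10.33317 > 198.51.100.7.80: Flags [S], seq 319950363, win 29200, options [mss 1460,sackOK,TS val 340262 ecr 0,nop,wscale 7], length 0
17:17:20.100000 IP 192.0.2.10.40112 > 203.0.113.5.80: Flags [S], seq 100, win 29200, options [mss 1460], length 0
17:17:20.142000 IP 203.0.113.5.80 > 192.0.2.10.40112: Flags [S.], seq 900, ack 101, win 28960, options [mss 1460], length 0
17:17:20.142100 IP 192.0.2.10.40112 > 203.0.113.5.80: Flags [.], ack 1, win 229, length 0
17:17:21.000000 IP 192.0.2.10.40113 > 203.0.113.9.443: Flags [S], seq 200, win 29200, options [mss 1460], length 0
17:17:21.030000 IP 203.0.113.9.443 > 192.0.2.10.40113: Flags [R.], seq 0, ack 201, win 0, length 0
EOF
}

# Demo run on the constructed capture.
sample_capture | handshake_summary
```

`NO_REPLY` with a growing SYN count is the pattern in the capture posted in this thread: the name resolved, the SYN left the machine, and nothing came back, which points at the path or a filter rather than at DNS.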
  • 0
Gabe84    57

As for my router, it's a Residential Gateway, I can't change any setting on it, except the Wi-Fi password, everything is configured remotely by my ISP, as far as I know I'm not blocking anything, I don't even have a firewall installed.

 

With wget this is the result

 

wget http://www.opendns.com
--2015-03-20 18:43:39--  http://www.opendns.com/
Risoluzione di www.opendns.com (www.opendns.com)... 67.215.92.219, 2620:0:cc1:115::219
Connessione a www.opendns.com (www.opendns.com)|67.215.92.219|:80... non riuscito: Connessione scaduta.
Connessione a www.opendns.com (www.opendns.com)|2620:0:cc1:115::219|:80... non riuscito: La rete non

  • 0
+BudMan    3,737

Well so the opendns one seems you can not get the info that you're supposed to use https - can you try it with https from the get go, wget https://www.opendns.com

 

As to the others where you can get the index.html - you could look inside those to see if they are doing a redirect there to somewhere can not get.  Or do a sniff and follow what happens.

 

To be honest the other ones make a little more sense since you could ping them, you would hope you could talk to them on 80, but maybe they redirect to some cloudservice or call up something else that you're having a problem getting to that is causing the problem.

 

You might want to call your isp and ask them to help you troubleshoot the problem.  The other thing you could do to just rule out anything on your machine is load a liveCD and validate that also doesn't work or if does then we have more info and would point to something specific with your machine.

 

So for example at just a quick look at that subito.it

 

http://s.sbito.it/1201426793237/img2/logo_homepage.png

 

Can you resolve s.subito.it for example

  • 0
Gabe84    57

I have HTTPS Everywhere, but even when clicking on your link I can't connect, Firefox doesn't even display the site, I get Error "Firefox cannot establish a connection with server" etc.

 

For the other sites, after a long time when I can get on those sites, all I see is a page which seems a basic html page, a white page with blue links, the index.html files when opened in Firefox point to the legit sites, no redirect.

 

As for sniffing, is there a way to dumb it down a bit? I can run commands in terminal, but I don't know all commands I should run, I tried to look for tutorials for tcpdump but they've not been very helpful, what is the specific command I have to run in order to show what you think can help identify the problem?

 

When I tried that command before I got a boatload of strings and they kept coming, I had no idea whether I ran the right command or what to look for.

 

I was thinking about trying with the LiveCD too, will it do a system restore like Windows (or was it Office?) where it fixes corrupted files or will it wipe my installation clean? I'd like to avoid reinstalling Lubuntu completely, unless there's a way to save and export settings and installed software.

 

Edit: No, when I try http://s.subito.it/ it immediately displays "Firefox can't contact server", same for the logo_homepage.png

  • 0
+BudMan    3,737

so for tcpdump your command was correct other than writing it to a file.

 

so example

 

root@ubuntu:/tmp# tcpdump -i eth0 -s0 -w /tmp/cap.pcap
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C5 packets captured
8 packets received by filter
0 packets dropped by kernel
root@ubuntu:/tmp#

 

Then just break it with ctrl C and then get me that file and we can take a look, or open it in wireshark.  The -s0 sets the snaplength so you don't truncate any packets.

 

Yeah if you're getting ###### looking pages you prob having a problem loading the css file.  So in that subito.it site it was here

 

http://s.sbito.it/1201426793237/css/home.css

 

Can you load that? That tells the browser how to make the page look for styles, etc.

 

post-14624-0-11887000-1426878254.png

 

Um the sniff will tell a lot I am sure to what you can and can not load up..

 

edit:  So does s.sbito.it resolve?

 

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;s.sbito.it.                    IN      A

;; ANSWER SECTION:
s.sbito.it.             86400   IN      CNAME   www.subito.it.edgekey.net.
www.subito.it.edgekey.net. 21600 IN     CNAME   e5987.g.akamaiedge.net
e5987.g.akamaiedge.net. 20      IN      A       23.63.186.159

 

As you see that is being hosted on CDN, edgekey and akamaiedge.net are Distribution networks.  So s.sbito.it points to that www.subito.it.edgekey.net which resolves e5987.g.akamaiedge.net which points to 23.63.186.159 -- can you ping that?

 

budman@ubuntu:/tmp$ ping 23.63.186.159
PING 23.63.186.159 (23.63.186.159) 56(84) bytes of data.
64 bytes from 23.63.186.159: icmp_seq=1 ttl=56 time=16.4 ms
64 bytes from 23.63.186.159: icmp_seq=2 ttl=56 time=12.3 ms

 

Does it resolve?

  • 0
froggyliver    18

Sounds like DNS to me. I had the same type problem and tried 3 different DNS until it worked. It's odd.

  • 0
+BudMan    3,737

Well it is odd.  But since he clearly resolves the www.opendns.com to the correct IP, and can not connect on it via port 80, it for sure is not just a dns issue.  He could be having dns problems as well.  But that points to dns not being the root of all of his problems.

 

All of his other sites also resolve, etc.  So that points to NOT a dns problem.  But his linux box is pointing to 127.0.1.1 for his dns - so as I asked before where are you pointing that to, you must be running dnsmasq or something on your linux box that is listening on your local machine.  That sends it where?  Your router's IP?  Your isp DNS?  somewhere else.  If you're using dns for outside your region you could be resolving IPs for the wrong region that might be blocked from your IP, etc.

  • 0
Gabe84    57

I can't even load the .css file.

 

I've attached the file, I was sniffing while trying to visit OneDrive, OpenDNS and subito.it.

 

Thanks again man!

 

 

cap.pcap.zip

  • 0
DirtyLarry    2,097

I had an issue about 4 days ago where I could only access some websites but not others.

I had to enable ipv6 on my ISP supplied router/modem

Never had to do that, but it somehow worked.

Not sure if it was disabled or I never had it enabled.

  • 0
Gabe84    57

> Well it is odd. But since he clearly resolves the www.opendns.com to the correct IP, and can not connect on it via port 80, it for sure is not just a dns issue. He could be having dns problems as well. But that points to dns not being the root of all of his problems.
>
> All of his other sites also resolve, etc. So that points to NOT a dns problem. But his linux box is pointing to 127.0.1.1 for his dns - so as I asked before where are you pointing that to, you must be running dnsmasq or something on your linux box that is listening on your local machine. That sends it where? Your router's IP? Your isp DNS? Somewhere else? If you're using dns for outside your region you could be resolving IPs for the wrong region that might be blocked from your IP, etc.

Since you're mentioning this, if I use the network settings in Lubuntu, this is what it displays

 

[Attached screenshots: fTlnvKG.png, cb8ZtFE.png]

  • 0
+BudMan    3,737

"I had to enable ipv6 on my ISP supplied router/modem"

 

Sorry but no - there are no sites that are only available via IPv6, other than some porn sites maybe. While your browser and OS will try and use IPv6 first, and so if your ipv6 is borked and you try and hit a site that has an IPv6 address it will try that.

 

But he is clearly attempting it over ipv4, and not working via his wget.  And those are clearly available via IPv4

 

If you would like to open a thread to go over how to properly configure IPv6 to work correctly, then happy to join that thread. To be honest the default configuration of windows for ipv6 is a mess. It has 3 different methods of trying to tunnel ipv6 over ipv4: teredo, isatap and 6to4. So it quite often can be borked. So what dns service are you running? dnsmasq? Something else? Unbound, Bind? Why don't you change your box to point to your router directly? Or your ISP?

 

I currently run ipv6 on multiple segments on my local network with /48 routed to me and segments with /64.  I never have any issues with IPv6, but normally turn off using it in my browser unless actually testing something on it.  You could do that as just a clean up measure.  In firefox you can look in about:config for network.dns.disableIPv6;true and set it to true, now firefox will not use ipv6.  If you want to configure it in the os to disable it or have it properly configured and prefer ipv4 over ipv6, etc.. start new thread.. love to play with ipv6 so happy to join it.

 

As to this 127.0.1.1, yeah you're pointing to something local on your machine, 127.x.x.x is loopback. Why don't you just point direct to your router IP?

 

edit:

So looking at that trace.

 

You can see quite clearly that you're trying to talk to stuff and not getting an answer. Which has nothing to do with DNS not resolving where you want to go.

 

So for example

 

Here

post-14624-0-54231300-1426882469.png

 

You send multiple SYNs saying HEY let's talk, and are not getting a response, so it's retransmitted, hey let's talk!!

 

Then here this is where you resolve that one fqdn to the CDN..  But you can not talk to it either

post-14624-0-81145500-1426882531.png

 

But I do see this odd traffic - you running P2P client?

post-14624-0-97274400-1426882554.png

 

Yeah this is clearly p2p, this is DHT.. 

 

post-14624-0-46374100-1426883604.png

 

Yeah turn on the right dissection and it all becomes very easy to read

 

post-14624-0-61844600-1426884011.png

 

edit: Ok this is a bit odd as well.. So you're asking these 2 IPs for dns query. They both send you a response. Those must be your isp dns, and your linux box is asking them directly.. Both at the same time and the one that answers first wins. But then you're sending back hey that port is not available, this behavior is not great for performance. If you want to query multiple dns in parallel that's fine, but you shouldn't then waste resources telling the ones that didn't finish first that your port is closed.. Might as well just drop that packet. So your ISP is .fastwebnet.it ? That is what those 2 IPs look to be from a PTR, dns servers for that network fastwebnet.

 

post-14624-0-02897300-1426884669.png

 

I love looking at sniffs - always good stuff to look into.  How the internet works is just KEWL as ###### at the packet level ;)

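The capture reading described in the post above (repeated SYNs with no SYN-ACK mean the name already resolved and the connection itself is failing) can be done mechanically. This is an added example, not code from any poster in the thread; the one-line-per-packet record format and the function names are assumptions, and every address except 67.215.92.219 is constructed.

```python
"""Sort TCP connection attempts from a capture summary into answered, refused, no-reply."""
from collections import defaultdict

# Constructed sample, one packet per line: time src dst sport dport flags
# (S=SYN, A=ACK, R=RST). 67.215.92.219 is the www.opendns.com address from
# the thread; every other address, port and timestamp is made up.
SAMPLE = """\
0.000 192.168.1.10 67.215.92.219 45012 80 S
0.200 192.168.1.10 198.51.100.7 45020 80 S
0.231 198.51.100.7 192.168.1.10 80 45020 SA
0.232 192.168.1.10 198.51.100.7 45020 80 A
0.400 192.168.1.10 203.0.113.9 45030 443 S
0.420 203.0.113.9 192.168.1.10 443 45030 RA
1.001 192.168.1.10 67.215.92.219 45012 80 S
3.005 192.168.1.10 67.215.92.219 45012 80 S
"""

def parse(text):
    """Yield (src, dst, sport, dport, flags) for each non-empty record."""
    for line in text.splitlines():
        if line.strip():
            _time, src, dst, sport, dport, flags = line.split()
            yield src, dst, int(sport), int(dport), set(flags)

def classify(text):
    """Map each client flow (client, server, sport, dport) to (verdict, syn_count)."""
    syns = defaultdict(int)
    replies = {}
    for src, dst, sport, dport, flags in parse(text):
        if flags == {"S"}:                      # initial SYN or a retransmission
            syns[(src, dst, sport, dport)] += 1
        elif {"S", "A"} <= flags:               # SYN-ACK: the server answered
            replies.setdefault((dst, src, dport, sport), "answered")
        elif "R" in flags:                      # RST: something actively refused
            replies.setdefault((dst, src, dport, sport), "refused")
    return {flow: (replies.get(flow, "no-reply"), n) for flow, n in syns.items()}

def silent_servers(text):
    """Servers that were sent SYNs and never replied (resolved, but unreachable)."""
    return sorted({flow[1] for flow, (verdict, _n) in classify(text).items()
                   if verdict == "no-reply"})

if __name__ == "__main__":
    for (client, server, sport, dport), (verdict, n) in classify(SAMPLE).items():
        print(f"{client}:{sport} -> {server}:{dport}  SYNs={n}  {verdict}")
    print("no reply at all:", silent_servers(SAMPLE))
```

A "refused" verdict (RST) means something on the path or the far end answered, while "no-reply" with several SYNs is the silent drop seen in the thread's capture.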
  • 0
Gabe84    57

I had stopped Deluge before starting sniffing, maybe it was still sending/receiving some packets. :innocent:

 

Anyway, yes my ISP is called Fastweb and the IP is usually numbers.fastwebnet.it, and yes 89.97.140.140 is one of my ISP DNS, the other one - which should be the primary DNS - is 85.18.200.200.

 

About that 127.0.0.1, I know it's the local IP, I have no idea how in the world it got into that configuration.

 

So basically to solve this problem I should do two things:

 

- Change that 127.0.0.1 to my IP? If I click on "Connection Information", on the taskbar in Lubuntu, I get some info about my network: IP Address, Broadcast IP (?) and Subnet Mask, which one should I use? I cannot find my router IP since all I can do with it is changing the Wi-Fi password and turning off Wi-Fi.

 

- About the DNS. So my ISP DNS suck, therefore I should use Google Public DNS and then go back to OpenDNS? (According to Namebench OpenDNS were the fastest for me)

  • 0
Gabe84    57

I changed the DNS to Google's 8.8.8.8 without the secondary DNS, and now I can use OneDrive, but not the Web Apps, Contacts and Calendar, I can load, instantly, the subito.it homepage but can't navigate the site, and I still can't load OpenDNS.

 

I tried to manually change - in the GUI - the 127.0.1.1 to 8.8.8.8 but resolv.conf reverts the changes, I edited NetworkManager.conf and added a # before dns=dnsmasq, restarted network manager and resolv.conf changed the 127.0.1.1 to 8.8.8.8, but I saw no improvements so I re-edited NetworkManager.conf to its original state and restarted it, and 127.0.1.1 is back.

 

What am I doing wrong? I feel like Matteo Renzi when he tries to speak English.

  • 0
Gabe84    57

Thanks again!

Honestly, whenever I bypass my ISP, be it via Tor or via a simple free web proxy, I can get to those sites; with web proxies obviously I can't use those sites a lot since free web proxies usually block scripts and objects, but with Tor it's fine, I just have to allow what I need with NoScript.

 

I started having this problem suddenly on Thursday afternoon, in the morning and on Wednesday everything was working perfectly, since I'm a Linux novice I thought I messed something up, but this doesn't seem to be the case, the .conf files that handle internet connectivity were not modified, and I don't edit .conf files because in the end I wouldn't know what I'd be doing, and, also, I changed my DNS to OpenDNS months ago and I have never experienced any problem; considering that support from my ISP is handled by regular guys with little on the job training regarding the most common issues - like "The leds on my router are red/off/flashing, what the f*** is going on?!" -, in short they're way less competent than you and, frankly, probably even less competent than me, I wanted to make sure that it wasn't a configuration problem with my distro.

 

Will inserting and booting from the Live CD allow me to check if everything is alright without wiping the installation clean?

 

I use Lubuntu 14.04, which is Ubuntu with the LXDE desktop environment, basically it's Ubuntu without some bells and whistles in order to optimize it for older machines.

 

So, if we can 100% rule out that's a problem on my part, and therefore something I can't fix, I'll mark this as solved.

  • 0
Jared-    583

First thing I would've done is check how browsing is on another device\other pc. 

 

I imagine booting up on a Live CD will be fine, meaning it's your config that's screwed. 

  • 0
+BudMan    3,737

Yeah from your sniff saying hey IP of opendns.com let's talk, and not getting back a syn,ack to your syn points to something outside your control. You say you have no admin of the router, and you're not running a firewall between your linux box and the router, so that points to a network problem at the isp level.

 

As to using a liveCD, yup that can be booted and run without touching anything on your current machines disk or setup, etc.

 

As to why tor works.. If you had a vpn it would prob work as well, I run vpn servers on multiple vps around the US and in EU, etc. I use these for testing connectivity mostly, because it's handy to see if something works when using a different path. For example your case is a perfect example. When you use tor you're taking a different path to get to where you want to go. As you see you don't have any problems getting to some sites.. So if you can get to that first tor node, and it has no problems getting to its other nodes, then the exit node path to say opendns.com is going to be a completely different path than direct from your connection.

 

So for example here is traceroute from a box I have in LV, and then from one in Florida

 

So you can see the first couple of hops are really quick, this is inside the lan at the datacenter where they are located. Then you peer up with different companies, and then even when you ride the same backbone - those ntt.net hops - they are hitting different routers along the way because they came in from different locations, etc. And then at some point you see they match up and take the same path along the network to the destination IP.

 

Did you do a traceroute to www.opendns.com just to see the path?

 

post-14624-0-95530700-1426935893.png

 

Now not all routers along the path will answer, even though they really should.. This can be very helpful in troubleshooting if you can see along the path where you're having issues, longest time packet loss, etc. You see for example hop 4 doesn't answer from florida.

 

What exact version of lubuntu do you have installed? I assume 14.10, grabbing it now to see how it sets up the dns stuff.

 

@Jared-

"I imagine booting up on a Live CD will be fine, meaning it's your config that's screwed."

 

So exactly what part of his config is screwed in when he sends SYN he gets no reply??  Did you not read the thread?  He posted a sniff, take a look at it yourself.  He resolves dns fine, he sends syn and gets no syn,ack -- How could that be his "config"??  when it works to plenty of other IPs, etc..  How??

 

And when he uses tor that takes a different network path it works just fine?  How is that something on his "config" ?

  • 0
Jared-    583

Test 1 - Boot Live CD using ISP DNS Settings

Test 2 - Boot Live CD using DNS settings from other dudes you're using.

 

Suspect it's your installation.

  • 0
Gabe84    57

> First thing I would've done is check how browsing is on another device\other pc.
>
> I imagine booting up on a Live CD will be fine, meaning it's your config that's screwed.

Well, this is the only device I have, it works with any kind of connection (proxy, Tor) and protocol, except a few sites.

 

> Yeah from your sniff saying hey IP of opendns.com let's talk, and not getting back a syn,ack to your syn points to something outside your control. You say you have no admin of the router, and you're not running a firewall between your linux box and the router, so that points to a network problem at the isp level.
>
> As to using a liveCD, yup that can be booted and run without touching anything on your current machines disk or setup, etc.
>
> As to why tor works.. If you had a vpn it would prob work as well, I run vpn servers on multiple vps around the US and in EU, etc. I use these for testing connectivity mostly, because it's handy to see if something works when using a different path. For example your case is a perfect example. When you use tor you're taking a different path to get to where you want to go. As you see you don't have any problems getting to some sites.. So if you can get to that first tor node, and it has no problems getting to its other nodes, then the exit node path to say opendns.com is going to be a completely different path than direct from your connection.
>
> So for example here is traceroute from a box I have in LV, and then from one in Florida
>
> So you can see the first couple of hops are really quick, this is inside the lan at the datacenter where they are located. Then you peer up with different companies, and then even when you ride the same backbone - those ntt.net hops - they are hitting different routers along the way because they came in from different locations, etc. And then at some point you see they match up and take the same path along the network to the destination IP.
>
> Did you do a traceroute to www.opendns.com just to see the path?
>
> [attachment: differentpaths.png]
>
> Now not all routers along the path will answer, even though they really should.. This can be very helpful in troubleshooting if you can see along the path where you're having issues, longest time packet loss, etc. You see for example hop 4 doesn't answer from florida.
>
> What exact version of lubuntu do you have installed? I assume 14.10, grabbing it now to see how it sets up the dns stuff.

It's Lubuntu 14.04 LTS.

 

Here are my traceroutes

 

Editing

 

post-520073-0-98237100-1426938181.png

 

post-520073-0-77550300-1426938179.png

 

post-520073-0-52289500-1426938177.png

  • 0
+BudMan    3,737

oh 14.10 is installing now - pretty sure they are same, etc..  Couple of minutes should be able to see how it sets up dns.

 

At jared again - what part do you not get about sending syn to 67.215.92.219 and not getting an answer not having anything to do with dns?? So you're telling me that using dns server 1 vs dns server 2 is going to give him a different IP that works? I find that unlikely to be honest.. Since if you ask the NS for open dns A record of WWW you get this

 

www.opendns.com.        600     IN      A       67.215.92.219

 

Now sure there could be some geoip stuff working, and where you query them from might produce a different IP for you to use. But since I query it from EU and US and get the same IP I find that highly unlikely since the OP is in Italy. But he has the same symptoms for multiple sites.. He sends SYN to some IPs and gets back nothing.. This is NOT a dns problem. How his box does dns was a tangent conversation, etc.

 

VM is restarting now, let me take a look, brb

 

edit:

So looks like it installs dnsmasq-base, which prob doesn't allow you to config it, etc. That is a pretty crappy setup if you ask me, since dnsmasq would still be running if you just used the gui to point to different dns servers. But in the network manager you should be able to just remove 127.0.1.1 and add what you want. You can see it gets dns from dhcp as well.. I would have to spend some more time looking into how they set this up, when you install ubuntu server it doesn't do this ;) And I normally install min version anyway, and install exactly what I want, etc. Not a big fan of all the stuff they install.. You can see cups is running on that 631 port. It sure didn't ask me if I wanted to use cups for example. And sure looks like it's running ntpd server, didn't ask me if I wanted that, etc..

 

post-14624-0-50257100-1426939122.png

 

You could most likely install the full dnsmasq and that way be able to set up what it forwards to vs what you got from dhcp, or you could most likely do something in the resolv.conf to not let it get overwritten, pointing to whatever you want. Or could just change your dhcp server to hand out what you want on your router. Do you have access to do that? Either way this is just all extra stuff in understanding what you're using for dns, etc.. DNS from everything I see is not your issue.

  • 0
Jared-    583

You do realise I only read the initial thread?
