https://www.costco.com loads, but not costco.com

[umarmung]

Costco is a bad test of anything. IsItDownRightNow reports it as down for at least one and a half days so far.

 

[heysoundude]

I doubt costco’s web designers would share that website’s sense of humour.

 

[bwoked]

Yet again today my ISP seems to be blocking my NTP and dnscrypt queries; its been fine for months but on occasion it goes down no matter what service or tricks I try; ICMP to IP works. VPN works great, so I want to set up a fallback to send all dnscrypt queries through the OpenVPN client tunnel; if these issues were not happening to me I would feel a lot more comfortable using DNS with my provider, though it may not only be ISP but any middle box on the line can interfere; not to mention hackers on the local ISP gateway. When you are trying to stop your government from killing babies and providing citizenship for al qaeda, sometimes the ****ers get uppidy. My ISP router was being hacked as well, if I dont use protections like DNScrypt & a quality router, I am fair game for hackers.

 

[bwoked]

I think a lot of these issues I have been experiencing with https and other sites not working of late had to do with changing the MTU to 1492 on my AsusWRT; I changed it back to the standard 1500 and everything seems to be working fine again. The router was going hard hammering the subnet with icmp presumably for troubleshooting reasons after I changed it.

 

[dugaduga]

Hmm, I just upgraded pixelserv-tls, maybe this had something to do with it: (i clear cache and don't store certs in the browser)

• Upgraded OpenSSL to 1.1.1b for pixelserv-tls static binaries. OpenSSL 1.1.1b provides better compatibility for client browsers and apps.
• Added logging on LEVEL 2 when a client disconnects before a response is sent i.e. a 'cly' event

 

[sbsnb]

One example being I have to use my ISP DNS to receive un-metered “data-free” streaming for Spotify and Netflix. So that’s a nuisance.

You can use make dnsmasq use your ISP's DNS for only those domains and still use whatever you choose for everything else. Just put:

server=/*.netflix.com/*.nflximg.com/*.nflxvideo.com/1.2.3.4

in your /jffs/dnsmasq.conf.add file where 1.2.3.4 is your ISP's DNS. Make another line for Spotify and you're golden.

 

[dugaduga]

here is another example opennic.org wont load, but www.opennic.org will load.

 

[ColinTaylor]

here is another example opennic.org wont load, but www.opennic.org will load.

That one works for me. Have you tried disabling any unofficial add-on's, like ad-blockers and pixelserv, to check whether they are the cause of your problem?

 

[dugaduga]

@ColinTaylor, pixelserv & diversion don't cause any problem. Ok I disabled skynet and the problem went away.

 

[dugaduga]

Confirmed I re-enable skynet and the problem persists.

 

[sbsnb]

They have a round-robin DNS and at least one of the IPs is blocked by skynet.

 

[dugaduga]

Wow thank you sbsnb, never heard of round-robin dns before. Yes I just found that opennic.org is on a different ip than www.opennic.org, and one of the ips is on a blocklist, im not sure how that got there; does Skynet have an intrusion detection system that auto-bans things like this? or is it a blacklist / whitelist only model?


EDIT i notice skynet has banned multiple opennic.org ips, i whitelisted one and yet it still was blocked at another IP; what are the odds? why is this happening?

EDIT:
167.99.4.63 & 104.198.14.52

Edit: make that 3 so far:

142.93.122.177

 

[thelonelycoder]

Why do you trust that the regulations are properly enforced against all DNS providers? I'm genuinely curious.

This must be a Swiss thing. My country is not perfect, but some things are very good here.
That includes the laws and its enforcement and independent control mechanisms that work really well.

 

[Dabombber]

You can use make dnsmasq use your ISP's DNS for only those domains and still use whatever you choose for everything else. Just put:

server=/*.netflix.com/*.nflximg.com/*.nflxvideo.com/1.2.3.4

in your /jffs/dnsmasq.conf.add file where 1.2.3.4 is your ISP's DNS. Make another line for Spotify and you're golden.

dnamasq doesn't support wildcards like that. Just using the below would do.

server=/netflix.com/nflximg.com/nflxvideo.com/1.2.3.4

Spoiler

$ echo "server=/example.com/1.1.1.1" >> /jffs/configs/dnsmasq.conf.add
$ echo "server=/*.example.com/8.8.8.8" >> /jffs/configs/dnsmasq.conf.add
$ echo "server=/test.example.com/8.8.4.4" >> /jffs/configs/dnsmasq.conf.add
$ service restart_dnsmasq

Done.
$ nslookup example.com & nslookup foo.example.com & nslookup test.example.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   example.com
Address: 93.184.216.34
Name:   example.com
Address: 2606:2800:220:1:248:1893:25c8:1946

Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find foo.example.com: NXDOMAIN

Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find test.example.com: NXDOMAIN

And from the dnsmasq log

using nameserver 8.8.4.4#53 for domain test.example.com
using nameserver 8.8.8.8#53 for domain *.example.com
using nameserver 1.1.1.1#53 for domain example.com
query[A] example.com from 127.0.0.1
forwarded example.com to 1.1.1.1
reply example.com is 93.184.216.34
query[AAAA] example.com from 127.0.0.1
forwarded example.com to 1.1.1.1
reply example.com is 2606:2800:220:1:248:1893:25c8:1946
query[A] foo.example.com from 127.0.0.1
forwarded foo.example.com to 1.1.1.1
query[A] test.example.com from 127.0.0.1
forwarded test.example.com to 8.8.4.4