1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Unable to browse to certain domain names

Discussion in 'Asuswrt-Merlin' started by dugaduga, Dec 19, 2018.

  1. dugaduga

    dugaduga Regular Contributor

    Joined:
    May 12, 2018
    Messages:
    122
    Yes I can access my router. No blocks appearing in diversion/skynet.

    With DNS bind protection on I am not seeing dnsmasq logging DNS requests for websites starting with 192.* pinging works however, (even after restarting dnsmasq to clear cache) and wireshark shows the DNS query ip is accurate, but the websites will not respond to outgoing https requests.

    With DNS bind protection off, it appears dnsmasq logs the IP but still, the ip does not respond, it just sits there like there is perhaps some kind of upstream 192.* block or spoofing going on.

    the websites: linuxmint.com, opdeepstate.com
    --- linuxmint.com ping statistics ---
    64 bytes from 192.124.249.9: seq=3 ttl=58 time=52.646 ms
    64 bytes from 192.124.249.9: seq=4 ttl=58 time=54.579 ms

    PING opdeepstate.com (192.124.249.114): 56 data bytes
    64 bytes from 192.124.249.114: seq=0 ttl=58 time=57.065 ms
    64 bytes from 192.124.249.114: seq=1 ttl=58 time=62.328 ms
    64 bytes from 192.124.249.114: seq=2 ttl=58 time=52.256 ms

    Pings respond. I see an https packet request or two in wireshark going to these IPs via chrome but no response. I have no idea what is going on here. I had this mysterious issue come and go before, now its back again. I blv this occurred with the ISP router as well, prior to the asuswrt.

    Middlebox man / spoofer? Misconfigured ISP Node? Router issue? Any ideas?
     
    Last edited by a moderator: Dec 19, 2018
  2. AndreiV

    AndreiV Very Senior Member

    Joined:
    Aug 25, 2015
    Messages:
    603
    Location:
    пішли на риболовлю
    Both sites load using the www. url but bot throw a misconfigured firewall notice using the IP addresses.

    http://192.124.249.114

     
  3. dugaduga

    dugaduga Regular Contributor

    Joined:
    May 12, 2018
    Messages:
    122
  4. NGRhodes

    NGRhodes Regular Contributor

    Joined:
    Oct 3, 2014
    Messages:
    87
    Location:
    West Yorkshire, UK.
    Sucuri is a proxy-security service similar concept to Cloudflare and it looks like the site behind this proxy is not working.
     
    dugaduga likes this.
  5. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    28,844
    Location:
    Canada
    Websites can rarely be accessed by their IP addresses nowadays, as often multiple websites share the same IP. The web server will need to be told which website is being accessed.
     
  6. dugaduga

    dugaduga Regular Contributor

    Joined:
    May 12, 2018
    Messages:
    122
    @RMerlin, for clarification, if the website itself is located on a domain that uses an IP of 192.* I can't connect to it through a browser; Happens using standard host domain names (linuxmint.com) or ip addresses! Pings are the only things that respond. This was also happening with my ISP router prior to using AsusWRT, around the time I started tinkering with using VPNs. This issue has come and went before, now its back again.
     
    Last edited by a moderator: Dec 19, 2018
  7. dugaduga

    dugaduga Regular Contributor

    Joined:
    May 12, 2018
    Messages:
    122
    Ok, cannot access https://kurtzimmermann.com either which starts with 109, this is happening a lot with a lot of websites, seeing no blocks in diversion or skynet!
     
  8. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    6,012
    Location:
    United States
    Your ISP may be handing you a blacklisted address. Try powering down both the modem and router for 15-30 minutes to get a new ip.
     
    dugaduga likes this.
  9. dugaduga

    dugaduga Regular Contributor

    Joined:
    May 12, 2018
    Messages:
    122
    I tried a wget from the router to download https://www.linuxmint.com/pictures/screenshots/tessa/thumb_mate.png
    It downloaded successfully from the router itself; wont open in browsers though; what does this suggest to you?
     
  10. dugaduga

    dugaduga Regular Contributor

    Joined:
    May 12, 2018
    Messages:
    122
    I'm using acrylic dns resolver as an alternative to windows dns client and limiting the types of queries possible. its returning an A result in reverse as a PTR; maybe this is the key, though ptr is disabled on the router; i enabled it on the router and these sites were still not working, ill try messing with acrylic a bit

    pinging from windows gets the proper responses

    2018-12-20 23:29:05.505 TDnsResolver.Execute: Request ID 53921 forwarded to server 192.168.50.1:53.
    2018-12-20 23:29:05.509 TDnsResolver.Execute: Response ID 53921 received from server 192.168.50.1:53 [RC=0;QDC=1;ANC=1;Q[1]=www.linuxmint.com;T[1]=A;A[1]=www.linuxmint.com>9.249.124.192;Z=D2A18180000100010000000003777777096C696E75786D696E7403636F6D0000010001C00C00010001000001390004C07CF909].
     
  11. dugaduga

    dugaduga Regular Contributor

    Joined:
    May 12, 2018
    Messages:
    122
    Tried enabling all dns queries, no dns caching, no luck! disabled acrylic. its working on the iphone with ptr (all arpa) disabled at the router level. windows firewall logs not stating anything. firefox, chrome and others cannot connect; hosts file is clean. bridged xp vm can connect to linuxmint.com. So its a pc issue! doy. can't figure it out though, this is a strange mystery.
     
    Last edited: Dec 20, 2018
  12. dugaduga

    dugaduga Regular Contributor

    Joined:
    May 12, 2018
    Messages:
    122
    does a bridged vm use the same tcpip stack as the host machine? or just the adapter?
     
    Last edited: Dec 20, 2018
  13. dugaduga

    dugaduga Regular Contributor

    Joined:
    May 12, 2018
    Messages:
    122
    What can cause this:
    • Problem with DNS server or DNS records; (working fine)
    • Incorrect TCP/IP stack settings; (reset tcpip/winsock , problem remains)
    • Incorrect entries in the hosts file; (its clean)
    • Your computer may be infected with a virus or malware; (doubt it muchly)
    • The browser or plugins are misconfigured; (all browsers affected)
    • Routing table error; (reset routing table, still problematic)
    • Wrong MTU size. (its @ 1500)
    • AV (only using Windows Defender)
    Could it be due to one of these settings? (i tried enabling domainnamedevolution, with no success) XP VM is using the same TCPIP settings and is not affected.

    [​IMG]
     
    Last edited: Dec 21, 2018