What's new

Unable to browse to certain domain names

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

dugaduga

Senior Member
Yes I can access my router. No blocks appearing in diversion/skynet.

With DNS bind protection on I am not seeing dnsmasq logging DNS requests for websites starting with 192.* pinging works however, (even after restarting dnsmasq to clear cache) and wireshark shows the DNS query ip is accurate, but the websites will not respond to outgoing https requests.

With DNS bind protection off, it appears dnsmasq logs the IP but still, the ip does not respond, it just sits there like there is perhaps some kind of upstream 192.* block or spoofing going on.

the websites: linuxmint.com, opdeepstate.com
--- linuxmint.com ping statistics ---
64 bytes from 192.124.249.9: seq=3 ttl=58 time=52.646 ms
64 bytes from 192.124.249.9: seq=4 ttl=58 time=54.579 ms

PING opdeepstate.com (192.124.249.114): 56 data bytes
64 bytes from 192.124.249.114: seq=0 ttl=58 time=57.065 ms
64 bytes from 192.124.249.114: seq=1 ttl=58 time=62.328 ms
64 bytes from 192.124.249.114: seq=2 ttl=58 time=52.256 ms

Pings respond. I see an https packet request or two in wireshark going to these IPs via chrome but no response. I have no idea what is going on here. I had this mysterious issue come and go before, now its back again. I blv this occurred with the ISP router as well, prior to the asuswrt.

Middlebox man / spoofer? Misconfigured ISP Node? Router issue? Any ideas?
 
Last edited by a moderator:
Both sites load using the www. url but bot throw a misconfigured firewall notice using the IP addresses.

http://192.124.249.114

Sucuri Website Firewall - Not Configured
The site you are visiting is using Sucuri Website Firewall. And for some reason it is not configured properly. If you are the site owner, please open a ticket here asap for us to look at it for you: https://support.sucuri.net. If you are visiting the site please try again in a few minutes.

Error Details:
Your IP: 95.xxx.xx.xx
URL: 192.124.249.114/
Your Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 OPR/57.0.3098.102
Time: 2018-12-19 06:14:56
Server ID: 13014
 
Sucuri is a proxy-security service similar concept to Cloudflare and it looks like the site behind this proxy is not working.
 
Both sites load using the www. url but bot throw a misconfigured firewall notice using the IP addresses.

http://192.124.249.114

Websites can rarely be accessed by their IP addresses nowadays, as often multiple websites share the same IP. The web server will need to be told which website is being accessed.
 
@RMerlin, for clarification, if the website itself is located on a domain that uses an IP of 192.* I can't connect to it through a browser; Happens using standard host domain names (linuxmint.com) or ip addresses! Pings are the only things that respond. This was also happening with my ISP router prior to using AsusWRT, around the time I started tinkering with using VPNs. This issue has come and went before, now its back again.
 
Last edited by a moderator:
This was also happening with my ISP router prior to using AsusWRT, around the time I started tinkering with using VPNs. This issue has come and went before, now its back again.
Your ISP may be handing you a blacklisted address. Try powering down both the modem and router for 15-30 minutes to get a new ip.
 
I'm using acrylic dns resolver as an alternative to windows dns client and limiting the types of queries possible. its returning an A result in reverse as a PTR; maybe this is the key, though ptr is disabled on the router; i enabled it on the router and these sites were still not working, ill try messing with acrylic a bit

pinging from windows gets the proper responses

2018-12-20 23:29:05.505 TDnsResolver.Execute: Request ID 53921 forwarded to server 192.168.50.1:53.
2018-12-20 23:29:05.509 TDnsResolver.Execute: Response ID 53921 received from server 192.168.50.1:53 [RC=0;QDC=1;ANC=1;Q[1]=www.linuxmint.com;T[1]=A;A[1]=www.linuxmint.com>9.249.124.192;Z=D2A18180000100010000000003777777096C696E75786D696E7403636F6D0000010001C00C00010001000001390004C07CF909].
 
Tried enabling all dns queries, no dns caching, no luck! disabled acrylic. its working on the iphone with ptr (all arpa) disabled at the router level. windows firewall logs not stating anything. firefox, chrome and others cannot connect; hosts file is clean. bridged xp vm can connect to linuxmint.com. So its a pc issue! doy. can't figure it out though, this is a strange mystery.
 
Last edited:
does a bridged vm use the same tcpip stack as the host machine? or just the adapter?
 
Last edited:
What can cause this:
  • Problem with DNS server or DNS records; (working fine)
  • Incorrect TCP/IP stack settings; (reset tcpip/winsock , problem remains)
  • Incorrect entries in the hosts file; (its clean)
  • Your computer may be infected with a virus or malware; (doubt it muchly)
  • The browser or plugins are misconfigured; (all browsers affected)
  • Routing table error; (reset routing table, still problematic)
  • Wrong MTU size. (its @ 1500)
  • AV (only using Windows Defender)
Could it be due to one of these settings? (i tried enabling domainnamedevolution, with no success) XP VM is using the same TCPIP settings and is not affected.

HSHA0rg.png
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top