[172408] in North American Network Operators' Group
Re: Client on OS X, Browsers ALL fail DNS Lookup off net Hosts,
daemon@ATHENA.MIT.EDU (Peter Beckman)
Wed Jun 18 11:47:50 2014
X-Original-To: nanog@nanog.org
Date: Wed, 18 Jun 2014 11:44:02 -0400
From: Peter Beckman <beckman@angryox.com>
To: Everett F Batey II Gi <efbatey@gmail.com>
In-Reply-To: <49662DAE-DE5E-4563-A417-ACD3EB60DFB5@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
1. It could be that DNS is working fine but port 80/443 is blocked or fil=
tered
when you leave the local LAN. New Firewall? Proxy authentication
required?
2. The DNS server (cat /etc/resolv.conf) that the Mac hosts are pointed t=
o
can resolve internal but cannot reach external DNS hosts due to the
upstream blocking DNS due to DNS amplification attacks (or bonehead
admin).
3. Your resolver has a static configuration pointed to an upstream DNS
server, and it has stopped responding and no backups are available.
4. Your resolver has a static configuration pointed to an upstream DNS
server, and the primary DNS upstream server is offline and you aren'=
t
waiting 60 seconds for it to fail to the next DNS server.
That's my off-the-cuff assessment.
On Wed, 18 Jun 2014, Everett F Batey II Gi wrote:
> Newly evolved problems
> (network has been good for years, no recent known upgrades, config ch=
anges):
> Clients on MAC OS X,
> Browsers ALL (FFox, Opera, Safari, Chrome) fail DNS Lookups for non-l=
ocal web servers,
> BUT: SMTP mail, POP, IMAP and shell commands (ping, trace route) fu=
lly OK
> AND: www.google.com and a very few .orgs resolve on web browsers.
> Connected via TWBC: RCWE, 13820 Sunrise Valley Drive, Herndon, Alloc=
ations for this OrgID serve Road Runner commercial customers out of the H=
onolulu, HI, Kansas City, KS, Orange, CA and San Diego, CA RDCs. (Probab=
ly Orange Co, CA)
> No, MAC has no nsswitch.conf .. to there.
> MAC HACKED ( ) DNS HACKED ( ) ISP FAILED fwdg DNS ( )
> OTHER IDEA, START POINT ____ Thnx
>
> =E2=80=94
> VR, Ev / efbatey@gmail.com / +1-805-616-2471
>
>
-------------------------------------------------------------------------=
--
Peter Beckman Internet G=
uy
beckman@angryox.com http://www.angryox.co=
m/
-------------------------------------------------------------------------=
--
