LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   General (http://www.linuxquestions.org/questions/general-10/)
-   -   Unable to load www.frys.com in my browser (http://www.linuxquestions.org/questions/general-10/unable-to-load-www-frys-com-in-my-browser-4175458813/)

Z038 04-19-2013 05:40 PM

Unable to load www.frys.com in my browser
 
I've noticed for at least the past month that I can't access a particular web site, www.frys.com (IP address 209.31.22.39), from any system on my home network.

I've tried all of these browsers: Firefox, Konqueror, Sea Monkey, links, lynx, Internet Explorer, Chrome, and Chromium. All of them report being unable to find the server, or unknown host, or similar.

I run a named bind server on my system and a slave on another system on my LAN, so I thought it might be a problem with my name servers. So I stopped them both and updated my /etc/resolv.conf to point to a public nameserver (e.g., the Google servers at 8.8.8.8 and 8.8.4.4), and my ISP's DNS servers (Verizon, 68.238.96.12, 68.238.112.12), and it continued to fail.

I can do a traceroute to the frys.com IP address 209.31.22.39; it completes without hanging and looks normal as far as I can tell.

Code:

traceroute to 209.31.22.39 (209.31.22.39), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.486 ms  0.591 ms  0.705 ms
 2  L100.DLLSTX-VFTTP-49.verizon-gni.net (173.64.199.1)  7.374 ms  7.478 ms  7.449 ms
 3  G0-5-0-0.DLLSTX-LCR-22.verizon-gni.net (130.81.107.110)  7.497 ms  7.542 ms  7.583 ms
 4  so-4-1-0-0.DFW9-BB-RTR2.verizon-gni.net (130.81.151.244)  37.139 ms  37.251 ms  37.302 ms
 5  0.xe-7-1-0.BR2.DFW13.ALTER.NET (152.63.100.57)  37.350 ms  37.396 ms  37.443 ms
 6  204.255.168.202 (204.255.168.202)  19.644 ms  13.999 ms  14.052 ms
 7  207.88.14.242.ptr.us.xo.net (207.88.14.242)  21.395 ms  17.235 ms  17.169 ms
 8  vb12.rar3.la-ca.us.xo.net (207.88.12.46)  57.049 ms  57.200 ms  57.115 ms
 9  ae0d0.mcr2.fremont-ca.us.xo.net (216.156.0.142)  61.889 ms  52.433 ms  52.282 ms
10  216.55.31.158 (216.55.31.158)  54.705 ms  54.825 ms  54.857 ms
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

According to various "is it down" web sites, frys.com is up and reachable for everyone else.

Since it doesn't seem to matter what DNS server I use for the lookup, and I can't access the site by IP address either, it doesn't appear to be a DNS problem.

A couple of weeks ago, I shut down my Verizon router overnight so I could get a new dynamic IP address. After I did that, I was able to access the frys.com website for a day or so. Then the problem returned.

What else might be the problem?


EDIT: Additional info.

Here is the output of a dig command for frys.com using my local name server. It fails.

Code:

dig @192.168.1.15  www.frys.com

; <<>> DiG 9.8.4-P2 <<>> @192.168.1.15 www.frys.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 5581
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.frys.com.                  IN      A

;; Query time: 0 msec
;; SERVER: 192.168.1.15#53(192.168.1.15)
;; WHEN: Fri Apr 19 17:56:45 2013
;; MSG SIZE  rcvd: 30

Here is the results using the google public server at 8.8.8.8. It worked.

Code:

dig @8.8.8.8 www.frys.com

; <<>> DiG 9.8.4-P2 <<>> @8.8.8.8 www.frys.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26827
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.frys.com.                  IN      A

;; ANSWER SECTION:
www.frys.com.          3321    IN      A      209.31.22.39

;; Query time: 53 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Apr 19 17:57:02 2013
;; MSG SIZE  rcvd: 46

But even when I stop my name servers and try to resolve www.frys.com via Verizon's or Google's name servers, I still can't browse to www.frys.com.

When I use dig with +trace, I get this:

Code:

dig +trace @192.168.1.15  www.frys.com

; <<>> DiG 9.8.4-P2 <<>> +trace @192.168.1.15 www.frys.com
; (1 server found)
;; global options: +cmd
.                      501989  IN      NS      h.root-servers.net.
.                      501989  IN      NS      b.root-servers.net.
.                      501989  IN      NS      m.root-servers.net.
.                      501989  IN      NS      k.root-servers.net.
.                      501989  IN      NS      g.root-servers.net.
.                      501989  IN      NS      l.root-servers.net.
.                      501989  IN      NS      c.root-servers.net.
.                      501989  IN      NS      j.root-servers.net.
.                      501989  IN      NS      a.root-servers.net.
.                      501989  IN      NS      d.root-servers.net.
.                      501989  IN      NS      f.root-servers.net.
.                      501989  IN      NS      e.root-servers.net.
.                      501989  IN      NS      i.root-servers.net.
;; Received 512 bytes from 192.168.1.15#53(192.168.1.15) in 1420 ms

com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
;; Received 490 bytes from 199.7.83.42#53(199.7.83.42) in 1285 ms

frys.com.              172800  IN      NS      ns1.frys.com.
frys.com.              172800  IN      NS      ns2.frys.com.
dig: couldn't get address for 'ns1.frys.com': no more

When I dig pointing to my router, which I believe just forwards to Verizon's DNS servers, I get this:

Code:

dig +trace @192.168.1.1  www.frys.com

; <<>> DiG 9.8.4-P2 <<>> +trace @192.168.1.1 www.frys.com
; (1 server found)
;; global options: +cmd
.                      3600    IN      NS      FWDR-12.FWDR-96.FWDR-238.FWDR-68.
.                      3600    IN      NS      FWDR-12.FWDR-112.FWDR-238.FWDR-68.
dig: couldn't get address for 'FWDR-12.FWDR-96.FWDR-238.FWDR-68': no more


Habitual 04-19-2013 06:37 PM

try their "other" site - http://outpost.com/
or http://209.31.22.39 ?

or check it with hidemyass.com ?

Z038 04-20-2013 01:05 AM

Yes, I mentioned already that I'd tried the IP address. In fact, I tried all of the domains listed for DNS server ns1.frys.com at http://www.who.is/nameserver/ns1.frys.com/. All behave identically, including the bare IP address, which is to say that they all fail.

I had also tried hidemyass and similar proxy services. They do let me to get to the frys.com website, but none of them work well once I get there. When trying to do searches or clicking on links on the site, the proxy will soon fail. But accessing the site through a proxy doesn't solve anything for me and isn't especially important to me. I want to know why I can't access the site normally. I still suspect it may have something to do with my local name server configuration. If so, it could affect other sites besides frys. I want to understand the issue and correct it.

rknichols 04-20-2013 11:07 AM

Quote:

Originally Posted by Z038 (Post 4934961)
I can do a traceroute to the frys.com IP address 209.31.22.39; it completes without hanging and looks normal as far as I can tell.

Code:

traceroute to 209.31.22.39 (209.31.22.39), 30 hops max, 60 byte packets
 .
 .
 .
 9  ae0d0.mcr2.fremont-ca.us.xo.net (216.156.0.142)  61.889 ms  52.433 ms  52.282 ms
10  216.55.31.158 (216.55.31.158)  54.705 ms  54.825 ms  54.857 ms
11  * * *
12  * * *


No, that trace died before reaching its destination. It made it to what appears to be the edge of Fry's network in XO-NET, but was then dropped. A properly completed traceroute would look like this:
Code:

traceroute to 209.31.22.39 (209.31.22.39), 30 hops max, 60 byte packets
 .
 .
 .
11  216.55.31.158 (216.55.31.158)  76.816 ms  76.755 ms  76.712 ms
12  block1.frys.com (209.31.22.2)  81.245 ms  84.728 ms  88.415 ms
13  block1.frys.com (209.31.22.2)  95.271 ms  91.762 ms  99.003 ms
$

I can only surmise that your IP address is for some reason blacklisted on Fry's servers. Sometimes the geolocation mapping for IP address blocks is incorrect. If you go to http://www.geoiptool.com/ does it perhaps show you as being in some banned country?

Z038 04-20-2013 01:22 PM

That's a cool tool. Thanks rknichols. But the geolocation data for my IP address is accurate, so that must not be the problem. I guess they are blocking my IP, specifically.

I have read that some nameservers don't like recursive queries. Based on the flags listed in the dig output, I think I'm configured for recursive based on the rd and ra flags. That must be a named.conf default for bind, since I didn't do anything to explicitly enable it. Perhaps I'll try turning that off and give it a try. I might have to get a new dynamic IP address from Verizon too, if frys is explicitly blocking my IP somewhere.

Z038 04-20-2013 06:26 PM

Turning off recursion on my local nameserver didn't help. Same results for frys.com, and even worse, other name resolution queries for hosts outside of my own zones didn't work either.

I ran tcpdump to see what it would capture when I tried to access the frys website from my browser. I see incorrect checksums, but I have no idea what it means.

Code:

root@nserver1:/var/log/iptraf# tcpdump -ni any -c 5 -vv dst host 209.31.22.39
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
18:21:10.965269 IP (tos 0x0, ttl 64, id 61705, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.15.36780 > 209.31.22.39.80: Flags [S], cksum 0xa92c (incorrect -> 0xba9d), seq 585411423, win 4380, options [mss 1460,sackOK,TS val 447961686 ecr 0,nop,wscale 6], length 0
18:21:11.215226 IP (tos 0x0, ttl 64, id 49317, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.15.36781 > 209.31.22.39.80: Flags [S], cksum 0xa92c (incorrect -> 0xc8ad), seq 591633397, win 4380, options [mss 1460,sackOK,TS val 447961936 ecr 0,nop,wscale 6], length 0
18:21:13.967193 IP (tos 0x0, ttl 64, id 61706, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.15.36780 > 209.31.22.39.80: Flags [S], cksum 0xa92c (incorrect -> 0xaee3), seq 585411423, win 4380, options [mss 1460,sackOK,TS val 447964688 ecr 0,nop,wscale 6], length 0
18:21:14.223193 IP (tos 0x0, ttl 64, id 49318, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.15.36781 > 209.31.22.39.80: Flags [S], cksum 0xa92c (incorrect -> 0xbced), seq 591633397, win 4380, options [mss 1460,sackOK,TS val 447964944 ecr 0,nop,wscale 6], length 0
18:21:19.983193 IP (tos 0x0, ttl 64, id 61707, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.15.36780 > 209.31.22.39.80: Flags [S], cksum 0xa92c (incorrect -> 0x9763), seq 585411423, win 4380, options [mss 1460,sackOK,TS val 447970704 ecr 0,nop,wscale 6], length 0
5 packets captured
5 packets received by filter
0 packets dropped by kernel


rknichols 04-20-2013 11:59 PM

Quote:

Originally Posted by Z038 (Post 4935524)
Turning off recursion on my local nameserver didn't help. Same results for frys.com, and even worse, other name resolution queries for hosts outside of my own zones didn't work either.

Of course not. Without recursion, your nameserver will only answer for names for which it is authoritative.
Quote:

I ran tcpdump to see what it would capture when I tried to access the frys website from my browser. I see incorrect checksums, but I have no idea what it means.
Probably just means that checksum calculation has been offloaded to the NIC. See http://en.wikipedia.org/wiki/Transmi...ecksum_offload

I checked the reverse DNS for a couple of random addresses on your 173.64.199.0/24 network at http://www.dnsgoodies.com/ and didn't see anything strange. I'd be surprised if reverse DNS was the issue anyway. I don't know what else to suggest other than contacting Frys and asking why your IP address might be blocked.

Z038 04-21-2013 12:56 AM

I think you are right. I'll need to contact Frys. Thank you for your help.


All times are GMT -5. The time now is 01:22 AM.