LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices

Reply
 
Search this Thread
Old 04-19-2013, 05:40 PM   #1
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 804

Rep: Reputation: 157Reputation: 157
Unable to load www.frys.com in my browser


I've noticed for at least the past month that I can't access a particular web site, www.frys.com (IP address 209.31.22.39), from any system on my home network.

I've tried all of these browsers: Firefox, Konqueror, Sea Monkey, links, lynx, Internet Explorer, Chrome, and Chromium. All of them report being unable to find the server, or unknown host, or similar.

I run a named bind server on my system and a slave on another system on my LAN, so I thought it might be a problem with my name servers. So I stopped them both and updated my /etc/resolv.conf to point to a public nameserver (e.g., the Google servers at 8.8.8.8 and 8.8.4.4), and my ISP's DNS servers (Verizon, 68.238.96.12, 68.238.112.12), and it continued to fail.

I can do a traceroute to the frys.com IP address 209.31.22.39; it completes without hanging and looks normal as far as I can tell.

Code:
traceroute to 209.31.22.39 (209.31.22.39), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.486 ms  0.591 ms  0.705 ms
 2  L100.DLLSTX-VFTTP-49.verizon-gni.net (173.64.199.1)  7.374 ms  7.478 ms  7.449 ms
 3  G0-5-0-0.DLLSTX-LCR-22.verizon-gni.net (130.81.107.110)  7.497 ms  7.542 ms  7.583 ms
 4  so-4-1-0-0.DFW9-BB-RTR2.verizon-gni.net (130.81.151.244)  37.139 ms  37.251 ms  37.302 ms
 5  0.xe-7-1-0.BR2.DFW13.ALTER.NET (152.63.100.57)  37.350 ms  37.396 ms  37.443 ms
 6  204.255.168.202 (204.255.168.202)  19.644 ms  13.999 ms  14.052 ms
 7  207.88.14.242.ptr.us.xo.net (207.88.14.242)  21.395 ms  17.235 ms  17.169 ms
 8  vb12.rar3.la-ca.us.xo.net (207.88.12.46)  57.049 ms  57.200 ms  57.115 ms
 9  ae0d0.mcr2.fremont-ca.us.xo.net (216.156.0.142)  61.889 ms  52.433 ms  52.282 ms
10  216.55.31.158 (216.55.31.158)  54.705 ms  54.825 ms  54.857 ms
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
According to various "is it down" web sites, frys.com is up and reachable for everyone else.

Since it doesn't seem to matter what DNS server I use for the lookup, and I can't access the site by IP address either, it doesn't appear to be a DNS problem.

A couple of weeks ago, I shut down my Verizon router overnight so I could get a new dynamic IP address. After I did that, I was able to access the frys.com website for a day or so. Then the problem returned.

What else might be the problem?


EDIT: Additional info.

Here is the output of a dig command for frys.com using my local name server. It fails.

Code:
dig @192.168.1.15  www.frys.com

; <<>> DiG 9.8.4-P2 <<>> @192.168.1.15 www.frys.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 5581
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.frys.com.                  IN      A

;; Query time: 0 msec
;; SERVER: 192.168.1.15#53(192.168.1.15)
;; WHEN: Fri Apr 19 17:56:45 2013
;; MSG SIZE  rcvd: 30
Here is the results using the google public server at 8.8.8.8. It worked.

Code:
dig @8.8.8.8 www.frys.com

; <<>> DiG 9.8.4-P2 <<>> @8.8.8.8 www.frys.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26827
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.frys.com.                  IN      A

;; ANSWER SECTION:
www.frys.com.           3321    IN      A       209.31.22.39

;; Query time: 53 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Apr 19 17:57:02 2013
;; MSG SIZE  rcvd: 46
But even when I stop my name servers and try to resolve www.frys.com via Verizon's or Google's name servers, I still can't browse to www.frys.com.

When I use dig with +trace, I get this:

Code:
dig +trace @192.168.1.15  www.frys.com

; <<>> DiG 9.8.4-P2 <<>> +trace @192.168.1.15 www.frys.com
; (1 server found)
;; global options: +cmd
.                       501989  IN      NS      h.root-servers.net.
.                       501989  IN      NS      b.root-servers.net.
.                       501989  IN      NS      m.root-servers.net.
.                       501989  IN      NS      k.root-servers.net.
.                       501989  IN      NS      g.root-servers.net.
.                       501989  IN      NS      l.root-servers.net.
.                       501989  IN      NS      c.root-servers.net.
.                       501989  IN      NS      j.root-servers.net.
.                       501989  IN      NS      a.root-servers.net.
.                       501989  IN      NS      d.root-servers.net.
.                       501989  IN      NS      f.root-servers.net.
.                       501989  IN      NS      e.root-servers.net.
.                       501989  IN      NS      i.root-servers.net.
;; Received 512 bytes from 192.168.1.15#53(192.168.1.15) in 1420 ms

com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
;; Received 490 bytes from 199.7.83.42#53(199.7.83.42) in 1285 ms

frys.com.               172800  IN      NS      ns1.frys.com.
frys.com.               172800  IN      NS      ns2.frys.com.
dig: couldn't get address for 'ns1.frys.com': no more
When I dig pointing to my router, which I believe just forwards to Verizon's DNS servers, I get this:

Code:
dig +trace @192.168.1.1  www.frys.com

; <<>> DiG 9.8.4-P2 <<>> +trace @192.168.1.1 www.frys.com
; (1 server found)
;; global options: +cmd
.                       3600    IN      NS      FWDR-12.FWDR-96.FWDR-238.FWDR-68.
.                       3600    IN      NS      FWDR-12.FWDR-112.FWDR-238.FWDR-68.
dig: couldn't get address for 'FWDR-12.FWDR-96.FWDR-238.FWDR-68': no more

Last edited by Z038; 04-19-2013 at 06:14 PM.
 
Old 04-19-2013, 06:37 PM   #2
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Undecided
Posts: 3,479
Blog Entries: 6

Rep: Reputation: Disabled
try their "other" site - http://outpost.com/
or http://209.31.22.39 ?

or check it with hidemyass.com ?
 
Old 04-20-2013, 01:05 AM   #3
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 804

Original Poster
Rep: Reputation: 157Reputation: 157
Yes, I mentioned already that I'd tried the IP address. In fact, I tried all of the domains listed for DNS server ns1.frys.com at http://www.who.is/nameserver/ns1.frys.com/. All behave identically, including the bare IP address, which is to say that they all fail.

I had also tried hidemyass and similar proxy services. They do let me to get to the frys.com website, but none of them work well once I get there. When trying to do searches or clicking on links on the site, the proxy will soon fail. But accessing the site through a proxy doesn't solve anything for me and isn't especially important to me. I want to know why I can't access the site normally. I still suspect it may have something to do with my local name server configuration. If so, it could affect other sites besides frys. I want to understand the issue and correct it.

Last edited by Z038; 04-20-2013 at 01:08 AM.
 
Old 04-20-2013, 11:07 AM   #4
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 1,506

Rep: Reputation: 623Reputation: 623Reputation: 623Reputation: 623Reputation: 623Reputation: 623
Quote:
Originally Posted by Z038 View Post
I can do a traceroute to the frys.com IP address 209.31.22.39; it completes without hanging and looks normal as far as I can tell.

Code:
traceroute to 209.31.22.39 (209.31.22.39), 30 hops max, 60 byte packets
 .
 .
 .
 9  ae0d0.mcr2.fremont-ca.us.xo.net (216.156.0.142)  61.889 ms  52.433 ms  52.282 ms
10  216.55.31.158 (216.55.31.158)  54.705 ms  54.825 ms  54.857 ms
11  * * *
12  * * *
No, that trace died before reaching its destination. It made it to what appears to be the edge of Fry's network in XO-NET, but was then dropped. A properly completed traceroute would look like this:
Code:
traceroute to 209.31.22.39 (209.31.22.39), 30 hops max, 60 byte packets
 .
 .
 .
11  216.55.31.158 (216.55.31.158)  76.816 ms  76.755 ms  76.712 ms
12  block1.frys.com (209.31.22.2)  81.245 ms  84.728 ms  88.415 ms
13  block1.frys.com (209.31.22.2)  95.271 ms  91.762 ms  99.003 ms
$
I can only surmise that your IP address is for some reason blacklisted on Fry's servers. Sometimes the geolocation mapping for IP address blocks is incorrect. If you go to http://www.geoiptool.com/ does it perhaps show you as being in some banned country?

Last edited by rknichols; 04-20-2013 at 11:09 AM.
 
Old 04-20-2013, 01:22 PM   #5
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 804

Original Poster
Rep: Reputation: 157Reputation: 157
That's a cool tool. Thanks rknichols. But the geolocation data for my IP address is accurate, so that must not be the problem. I guess they are blocking my IP, specifically.

I have read that some nameservers don't like recursive queries. Based on the flags listed in the dig output, I think I'm configured for recursive based on the rd and ra flags. That must be a named.conf default for bind, since I didn't do anything to explicitly enable it. Perhaps I'll try turning that off and give it a try. I might have to get a new dynamic IP address from Verizon too, if frys is explicitly blocking my IP somewhere.
 
Old 04-20-2013, 06:26 PM   #6
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 804

Original Poster
Rep: Reputation: 157Reputation: 157
Turning off recursion on my local nameserver didn't help. Same results for frys.com, and even worse, other name resolution queries for hosts outside of my own zones didn't work either.

I ran tcpdump to see what it would capture when I tried to access the frys website from my browser. I see incorrect checksums, but I have no idea what it means.

Code:
root@nserver1:/var/log/iptraf# tcpdump -ni any -c 5 -vv dst host 209.31.22.39
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
18:21:10.965269 IP (tos 0x0, ttl 64, id 61705, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.15.36780 > 209.31.22.39.80: Flags [S], cksum 0xa92c (incorrect -> 0xba9d), seq 585411423, win 4380, options [mss 1460,sackOK,TS val 447961686 ecr 0,nop,wscale 6], length 0
18:21:11.215226 IP (tos 0x0, ttl 64, id 49317, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.15.36781 > 209.31.22.39.80: Flags [S], cksum 0xa92c (incorrect -> 0xc8ad), seq 591633397, win 4380, options [mss 1460,sackOK,TS val 447961936 ecr 0,nop,wscale 6], length 0
18:21:13.967193 IP (tos 0x0, ttl 64, id 61706, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.15.36780 > 209.31.22.39.80: Flags [S], cksum 0xa92c (incorrect -> 0xaee3), seq 585411423, win 4380, options [mss 1460,sackOK,TS val 447964688 ecr 0,nop,wscale 6], length 0
18:21:14.223193 IP (tos 0x0, ttl 64, id 49318, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.15.36781 > 209.31.22.39.80: Flags [S], cksum 0xa92c (incorrect -> 0xbced), seq 591633397, win 4380, options [mss 1460,sackOK,TS val 447964944 ecr 0,nop,wscale 6], length 0
18:21:19.983193 IP (tos 0x0, ttl 64, id 61707, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.15.36780 > 209.31.22.39.80: Flags [S], cksum 0xa92c (incorrect -> 0x9763), seq 585411423, win 4380, options [mss 1460,sackOK,TS val 447970704 ecr 0,nop,wscale 6], length 0
5 packets captured
5 packets received by filter
0 packets dropped by kernel
 
Old 04-20-2013, 11:59 PM   #7
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 1,506

Rep: Reputation: 623Reputation: 623Reputation: 623Reputation: 623Reputation: 623Reputation: 623
Quote:
Originally Posted by Z038 View Post
Turning off recursion on my local nameserver didn't help. Same results for frys.com, and even worse, other name resolution queries for hosts outside of my own zones didn't work either.
Of course not. Without recursion, your nameserver will only answer for names for which it is authoritative.
Quote:
I ran tcpdump to see what it would capture when I tried to access the frys website from my browser. I see incorrect checksums, but I have no idea what it means.
Probably just means that checksum calculation has been offloaded to the NIC. See http://en.wikipedia.org/wiki/Transmi...ecksum_offload

I checked the reverse DNS for a couple of random addresses on your 173.64.199.0/24 network at http://www.dnsgoodies.com/ and didn't see anything strange. I'd be surprised if reverse DNS was the issue anyway. I don't know what else to suggest other than contacting Frys and asking why your IP address might be blocked.
 
Old 04-21-2013, 12:56 AM   #8
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 804

Original Poster
Rep: Reputation: 157Reputation: 157
I think you are right. I'll need to contact Frys. Thank you for your help.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] sudo for www user to run root shell script via browser kzcom Linux - General 11 09-15-2010 01:48 AM
Lynx WWW browser secure? Micro420 Linux - General 1 04-28-2006 10:31 PM
www.churchforums.com hanged in Mandriva 2006 browser TigerLinux Linux - Software 3 09-30-2005 08:23 AM
ipw2200 - Unable to load ucode, unable to load firmware blizinsk Linux - Wireless Networking 2 10-10-2004 08:28 AM
WWW browser Sherlwink Linux - Networking 1 04-02-2002 02:52 AM


All times are GMT -5. The time now is 12:35 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration