24.1 Production Series / Two web sites won't load -- traceroute doesn't reach them
« on: March 20, 2024, 04:53:57 am »
We are able to reach any website we've tried except bankofamerica.com and brother-usa.com. We've been using OPNsense for nearly a year, and we haven't had any problems reaching bankofamerica.com until recently.
Code:
me@my-desktop:~$ dig bankofamerica.com
; <<>> DiG 9.18.24 <<>> bankofamerica.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29948
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;bankofamerica.com. IN A
;; ANSWER SECTION:
bankofamerica.com. 341 IN A 171.161.148.150
bankofamerica.com. 341 IN A 171.159.228.150
;; Query time: 40 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Tue Mar 19 23:24:52 EDT 2024
;; MSG SIZE rcvd: 78
me@my-desktop:~$ traceroute 171.161.148.150
traceroute to 171.161.148.150 (171.161.148.150), 30 hops max, 60 byte packets
1 _gateway ([private network IP redacted]) 0.392 ms 0.265 ms 0.180 ms
2 [My ISP redacted] 5.137 ms 4.998 ms 4.101 ms
3 [My ISP redacted] 4.899 ms 4.821 ms [My ISP redacted] 4.989 ms
4 * * *
5 ash-b2-link.ip.twelve99.net (80.239.135.178) 9.254 ms 9.956 ms *
6 f5inc-ic-382043.ip.twelve99-cust.net (62.115.178.73) 9.303 ms 7.609 ms 7.589 ms
7 * * *
8 107.162.79.1 (107.162.79.1) 10.544 ms 10.458 ms 9.974 ms
9 107.162.79.1 (107.162.79.1) 8.501 ms 9.249 ms 8.456 ms
10 * * *
(Omitting hops 11-30 as they are all "***". "traceroute 171.159.228.150" also stops at 107.162.79.1.)
As for brother-usa.com, traceroute reports a few hops, all of which have whois records with domains belonging to our ISP.
I have Unbound DNS enabled with DNS over TLS pointing to 1.1.1.2, 1.0.0.2, and their two IPv6 counterparts.
We have two ISPs: Verizon Fios and Comcast. All of the above is from Verizon Fios with which we use OPNsense. We are able to access both websites when using Comcast with which we are using the Comcast-supplied router.
Is DNS working? Why won't these websites load?
Thank you.