Really Odd TCP/IP Issue - Help!

[Marvin Miller]

Hi;

I've got a really weird issue going on that I've run into in the past but
not been able to fix. Recently I formatted my system and after a few weeks
the issue is back.

What's happening is that I cannot access my own website hosted in the
states. I
can't FTP into it, HTTP into it or POP3 into it. It IS up and running and
people all over the world can see it. I can trace a route to it and it
responds. This is the only site I can't
access (my own).

I'm running Windows 2000 ADVSR w/DNS on a cable connection. I tried
eliminating DNS by using my ISP's servers - no joy.
I checked my hosts file - it's OK
I reset my LinkSys router - no joy
I checked with my host and truly verified the site is up - it is -
guaranteed.
I checked with my ISP - they can access it.

It seems that Windows 2000 Server can't access my own website, either
through FTP, Mail or Web. I can trace a route to it (so it shouldn't be a
DNS issue) and have eliminated DNS issues by using the ISP's servers. I've
killed my browsers cache (IE) and set it to empty on exit. My hosts file is
OK and I tried a ipconfig /flushdns - no joy.

The only way I can access my website through IE is by using my ISP's proxy
server!! That way I can access it. I can access any other sites - no
problems - it's only my own.

What the heck is going on? This is the strangest thing I have ever seen.
Help!
Marvin

 

[Herb Martin]

Hi;

I've got a really weird issue going on that I've run into in the past but
not been able to fix. Recently I formatted my system and after a few weeks
the issue is back.

What's happening is that I cannot access my own website hosted in the
states. I
can't FTP into it, HTTP into it or POP3 into it. It IS up and running and
people all over the world can see it. I can trace a route to it and it
responds. This is the only site I can't
access (my own).

Problems by name or also by IP addresses?

What about Telnet on ports 21, 80, or 110? Using IP address?
(Netcat is better for such tests but not included on Windows systems.)

I'm running Windows 2000 ADVSR w/DNS on a cable connection. I tried
eliminating DNS by using my ISP's servers - no joy.

Why? Is this ONLY a DNS issue or also an IP problem?

Does this connect (substitute your IP): http://68.178.144.167

I checked my hosts file - it's OK
I reset my LinkSys router - no joy

Why? If it's a DNS issue the router is unlikely to have any
bearing....

I checked with my host and truly verified the site is up - it is -
guaranteed.

What site so we can check it too?

I checked with my ISP - they can access it.

It seems that Windows 2000 Server can't access my own website, either
through FTP, Mail or Web. I can trace a route to it (so it shouldn't be a
DNS issue)

Not if you can tracert to it by using the name.

But this also mostly eliminates your router and other connectivity
issues (unless there is some odd filter) that lets ICMP (ping, tracert)
through but blocks more common ports (http, ftp, pop.)

and have eliminated DNS issues by using the ISP's servers. I've
killed my browsers cache (IE) and set it to empty on exit. My hosts file is
OK and I tried a ipconfig /flushdns - no joy.

The only way I can access my website through IE is by using my ISP's proxy
server!! That way I can access it. I can access any other sites - no
problems - it's only my own.

What proxies do you have, any?

What happens when you use:

telnet SITE_IP 80
(blank screen is GOOD)
GET / HTTP/1.0 <enter><enter>

(No backspaces or typing mistakes allowed usually)

What the heck is going on? This is the strangest thing I have ever seen.

I saw one of these the other day (remotely helping someone in India) and
all normal checks failed to resolve it, but we aren't close to that yet.

Help!

What specifically do you type? What specific errors do you receive?

Try IP versus DNS name in the IE URL edit box.

 

[Guest]

Hi Herb;

Thanks for the reply!

Telnetting into any of the ports gives an unable to connect error.
I can't reach anything whether I use the IP address or the FQDN.
Any request always resolves to the proper IP address and then times out.
This only happens on my own site - I can reach anything and everything else

The site's been up for years so DNS entries are fully propagated.
The machine is clean and virus/malware free- it's a recent format.
The site askmarvin.ca

I can trace a route to it from a DOS prompt and I can connect with my
browser but only through my ISP's proxy (they are private internal machines).

I'm lost. I can't see any reason for this to happen at all. It makes zero
sense!

Best & Thanks;
Marvin

 

[Guest]

Herb;

I got it cased! It seems that if I change the IP address that my ISP gave me
I can then access everything again. I had been running on that IP address for
months and I'm wondering if they blocked access to my site - and only on that
IP.

It's pretty weird but the fact is that everything works now and the solution
was a new IP address. Strange but true.

Best & Thanks;
Marvin

 

[Herb Martin]

Hi Herb;

Thanks for the reply!

Telnetting into any of the ports gives an unable to connect error.

Ok you have proven that it is NOT an "IE Only" issue.

I can't reach anything whether I use the IP address or the FQDN.

Ok, you have shown it is an IP routing or filtering problem.

Any request always resolves to the proper IP address and then times out.

You have eliminated DNS as the cause.

This only happens on my own site - I can reach anything and everything else


The site's been up for years so DNS entries are fully propagated.

You eliminated DNS above -- the IP resolves correctly. Ignore
DNS unless you aren't telling us something.

The machine is clean and virus/malware free- it's a recent format.
The site askmarvin.ca

Give us the IP address you think is correct...

I see: 72.22.69.18

http://www.dnsreport.com/tools/dnsreport.ch?domain=askmarvin.ca

You have some problems with your public DNS setup (ignore the warning
about Glue probably):

http://www.dnsreport.com/tools/dnsreport.ch?domain=askmarvin.ca

(But the following failure doesn't seem to actually return any incorrect
information):
FAIL: You have one or more missing (stealth) nameservers. The following
nameserver(s) are listed (at your nameservers) as nameservers for your
domain, but are not listed at the the parent nameservers (therefore, they
may or may not get used, depending on whether your DNS servers return them
in the authority section for other requests, per RFC2181 5.4.1). You need to
make sure that these stealth nameservers are working; if they are not
responding, you may have serious problems! The DNS Report will not query
these servers, so you need to be very careful that they are working
properly.

I can trace a route to it from a DOS prompt and I can connect with my
browser but only through my ISP's proxy (they are private internal

machines).

So you have proven that general routing is NOT the issue. And again
eliminated
IE as the direct cause (through the proxy works and even telnet does NOT.)

I'm lost. I can't see any reason for this to happen at all. It makes zero
sense!

That telnet and IE fail while ICMP tests and Proxy connections work strongly
implies a Firewall/Proxy or other filtering software or device is blocking
it.

What local (personal) firewall might you be running? (Norton etc.)

What Proxies or filtering routers might you be passing (other than the one
that
works)?

Even NAT servers might be involved....

 

[Herb Martin]

I got it cased! It seems that if I change the IP address that my ISP gave
me

I can then access everything again. I had been running on that IP address for
months and I'm wondering if they blocked access to my site - and only on that
IP.

It's pretty weird but the fact is that everything works now and the solution
was a new IP address. Strange but true.

That jibes with my last analysis in this thread.

You had (have) a filter in there somewhere.