An odd Issue - Spotify / Google? is blocked
-
Hello,
Im having an odd issue here, I noticed it a few days back. I couldnt play any songs on Spotify, only those that had been downloaded.
I thought it was temporary, but then I couldnt do it on my phone either, or on my work laptop. Something odd is happening here.
The only thing I've been doin is playing around with ntopng, but I have removed it now because of troubleshooting.I need help, I need my music. And most scary of all, my wife needs it and she will be home in a few days
Any ideas?
Error page in the browser (I can access outside my LAN).
Nslookup
DNS-settings
WAN
LAN
-
Are you running pfblocker or any adblocker on the system?
-
Nope.
No pfblocker, no AD-blocker.Only packages are wireguard and openvpn client export.
I tried putting 1.1.1.1 as my DNS server on my PC, but no success. -
@sp00ky Can you delete any DNS and try again?
-
@cool_corona
Tried it, didnt work.
I let the DHCP (WAN) choose, but no success again.
I tried google DNS, cloudflare. -
@sp00ky I know youre not the only one.... I have issues intermittently too.
google.com gets blocked but google.de or google.ch works fine....
Can you try any of those?
-
From what I can see, its not google.
I think spotify is hosted at Google?all the google sites work.
-
These :
If you suspect DNS issues, I advise you eliminate all third parties.
The first image : wipe them all. This is the default.
The second image : When checking "DNS server override" pfSene will use the DNS info received when establishing the uplink to your ISP. This means you'll be using the DNS servers that your ISP suggested. This method is what our ISP rouyters use, very popular in the past.What pfSense does, out of the box : it resolves. This means that it uses one or more main root DNS servers. There are 13 of them. IPv and IPv6 The addresses are build in, as they are very fixed and static. These main servers know where to find all the com org net us, any known TLD name servers. All these tld servers are cloned all over the place, so there is always one near by. One goes down ? No problem, another one will do the job.
These tld servers maintain the domain name records that are accessible by the registrar : when you rent a domain name, the registrar writes into the tld the domain name and the domain name servers of your domain name. There must be at least 2 domain name servers. These domain name servers of a domain name can tell you (pfSense, your browser etc) what the IPv4 is for a given domain, what the MX is, the IPv6, or an alias, or whatever TXT field.If you can not resolve spotify.com : use nslookup and siwth to trace mode, or use the console access on pfSEnse, and ask for 'why ?' :
dig @127.0.0.1 spotify.com +traceKnowing that spotify is not a small player on the Internet, there must be an answer.
No or wrong answer means :
Your uplink is bad,
Your ISP has peering issues ?
Your ISP, or someone upstream, is changing your DNS requests ?
The resolver, unbound has issues ? ( check the pfSense resolver logs )
And last, but not least, facebook has learned us that even the big companies themselves can have 'internal' issues that removes the access to all of their own domain name servers.The biggest bottleneck is always : your uplink - and anything close to that uplink.
pfSense, the resolver, on an average box, can handle you thousands of DNS requests and answers a second. These have to 'fit' over the uplink. Your ISP will route them then to the DNS server the resolver chose to work with.This method is created, tested, by billions, and this is done over 30 or 40 years.
Of course, you could use some external DNS server, like 8.8.1.1 - or the DNS server of your ISP. Just say to yourself : why would do these servers exist, knowing that they cost (hundreds of) millions every year to maintain ?
8.8.1.1 is a resolver, just like the one pfSense uses. So my thoughts are : when doubt, use the shortest road, exclude all non needed factors.Btw : I excluded local problems like a bad WAN interface of pfSense. You mentioned one domain name, and not overall bad 'access quality'.
