Unable to browse certain websites

tscengr · Dec 14, 2023, 12:31 AM

Sorry for the incomplete info. The reason why it lead me to DNS is because when I statically assign Google DNS it went through. Currently the DNS server assigned on the Netgate 3100 are the following:

208.67.222.222 - OpenDNS
208.67.220.220 - OpenDNS
8.8.8.8 - Google DNS

I did a Diagnostics > DNSLookup and the screenshot shows below

Also, they have a branch office and issue is not happening but it does have a response for 127.0.0.1 not like the uploaded image where it shows 'No Response' for 127.0.0.1

Already rebooted the pfsense hardware but still the same

Jeff

tscengr · Dec 14, 2023, 9:33 PM

@SteveITS said in Unable to browse certain websites:

@tscengr see https://docs.netgate.com/pfsense/en/latest/troubleshooting/website-access-issues.html

Any info would help. DNS correct or no? Squarespace, by chance?

Hardware is: NetGate 3100

stephenw10 · Dec 14, 2023, 1:27 AM

Ok, so localhost there (127.0.0.1) is not responding. That's Unbound on the firewall which is what LAN side clients are passed to use by default.

So is Unbound running? Check Status > Services.

Is it using the default settings?

tscengr · Dec 14, 2023, 1:27 AM

@stephenw10

I just did another DNSLookup and this time it now has a response. I went to Dagnostics > Services and UNbound DNS Resolver has a green check though I didn't check this earlier since newbiew to pfsense/ Let me ask if it's now working or still an issue. Thanks for all the help

Jeff

tscengr · Dec 14, 2023, 8:21 AM

@stephenw10

even though it now shows a response, still unable to browse the site.Unbound is running and has a green check

Jeff

stephenw10 · Dec 14, 2023, 1:07 PM

Ok, so is DNS failing at the client?

What error is shown when you try to go to the site?

tscengr · Dec 14, 2023, 9:22 PM

@stephenw10

For some reason this morning, it suddenly worked. Really odd situation but thanks for all the help,, may need some video trainings for future tickets I think

Jeff

SteveITS · Dec 14, 2023, 9:43 PM

@tscengr The reason I asked about Squarespace is because I've been fighting an issue for a few weeks where my home and office cannot connect to Squarespace-hosted sites using HTTPS. Specifically, these IPs:

ext-sq.squarespace.com. 151     IN      A       198.185.159.145
ext-sq.squarespace.com. 151     IN      A       198.49.23.144
ext-sq.squarespace.com. 151     IN      A       198.185.159.144
ext-sq.squarespace.com. 151     IN      A       198.49.23.145

I can ping them and HTTP works, but HTTPS fails to connect (times out). We accidentally found it started working late yesterday afternoon, but is not working now. I am confident it's not pfSense related, nor PC related since it happens on phones as well.

SteveITS · Dec 14, 2023, 10:09 PM

@SteveITS Sigh, well now that I posted that, I finally tracked it down. Squarespace web server IPs are in the https://raw.githubusercontent.com/jpgpi250/piholemanual/master/DOHipv4.txt list for blocking DoH servers.

Uglybrian · Dec 14, 2023, 11:13 PM

@steve, I had the same problem, with that exact list five weeks ago. For me it was blocking sdisf.com. Needless to say, I looked for a new doh list to use.

SteveITS · Dec 14, 2023, 11:20 PM

@Uglybrian Thanks. Yeah that list just consolidates other lists without editing, but that's disappointing. There are a few Closed issues on the Github site for specific IPs but "all of Squarespace" is a pretty big target.