Your IP:

Our Forums Have Moved!

Visit our new forums at https://community.opendns.com/forums/ to post on topics and read the latest content. These forums are now read-only archives.

K-12 Forums

Talk with other K-12 network administrators in your state.

Or see all states.

Categories

Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.

This discussion has been inactive for longer than 30 days, and is thus closed.
    • CommentAuthorinfuetur
    • CommentTimeMay 8th 2012
     permalink
    Hi, I manage a mikroitk router wich uses opendns filtering, and some users complained about accessing bhphotovideo.com. So now I'm trying with a computer and a direct connection to internet, with dns setted up at the lan card, and strangely I can't access bhphotovideo.com... When I cahange the lan setup and configure google dns I gain access again... It is rare, and please understand me: The site is NOT being blocked, I just get this error en Chrome: Error 101 (net::ERR_CONNECTION_RESET)...

    I don't understand what can cause this behaviour with opendns and not with google dns. :confused:

    Any help would be appreciated. Thank you
    • CommentAuthormaintenance
    • CommentTimeMay 8th 2012 edited
     permalink
    "I don't understand what can cause this behaviour with opendns and not with google dns."

    I don't understand it either, as the DNS lookup is over and done before the page begins loading in the browser, and CONNECTION_RESET has nothing to do with DNS. You get the same IP address for the domain no matter where you are, and there don't seem to be any CDNs involved, and even if there was something wrong as such, you would expect the page not to load in the first place, or incompletely, due to latency.

    So, this is the server kicking your connection for some reason, or your router, AV, firewall, "internet security suite", or Chrome itself with a problem or bad configuration setting.

    For the simplest diagnostic, try a different browser first - even a clean version of the Chromium browser, like SRWare Iron. Chrome does all sorts of nonstandard stuff that Google wants it to do.

    Or check your AV/security application(s) first, whichever, as sometimes it is the combination of a particular browser and the "AV".

    http://www.google.com/search?q=Chrome%3A+Error+101+net+ERR_CONNECTION_RESET
    Thankful People: infuetur
    • CommentAuthorrotblitz
    • CommentTimeMay 8th 2012
     permalink
    I can't reproduce your problem, the site comes up without problems, using OpenDNS.

    It may be that you are affected by a network routing problem or a CDN provider problem, if you are quite far away from the OpenDNS location being used. The real name for alias www.bhphotovideo.com is a1850.b.akamai.net.
    What is your geographical location?
    What OpenDNS location are you using? nslookup -type=txt which.opendns.com.
    Where are you routed to? tracert www.bhphotovideo.com
    Where are you routed to with Google DNS enabled?

    "I just get this error en Chrome: Error 101 (net::ERR_CONNECTION_RESET)..."

    This would be a general Windows error, not a DNS error.
    http://www.emailquestions.com/general/4184-fix-error-101-net-err_connection_reset-connection-reset.html
    Thankful People: maintenance, infuetur
    • CommentAuthorinfuetur
    • CommentTimeMay 9th 2012
     permalink
    Thank you for the assistance, I'm really confused with this and your help is unvaluable... I think is something with my ISP but still can't understand why things change when modifying the DNSs.

    I'll try to post some more info. But please, let me repeat that this was happening in ALL the computers behind the router, which uses opendns (filtered machines), and not in the computers with google dns (they are something like "non-filtered machines"). Since this was strange, I connected my computer directly to the ADSL modem so I could test it better and passing over all the router configuration, thinking there were the problem...

    Here starts the "strange thing", since I'm getting the same behaviour, I can access bhphotovideo with google dns setted up in my computer and not with opendns...

    Well, now I tried with firefox, and deactivating antivirus and firewalll (we've got Eset Smart Security licenses) and nothing changed, same behaviour.

    rotblitz: It's interesting what you say abaout akamai, becouse I can't access http://spanish.akamai.com/ neither with opendns and yes with google dns... Again, I tested this behind the network with different computers and also directly connected to Internet... could this be a connection problem form my ISP to Akamai? And then WHY changing dns solve this?
    • CommentAuthorinfuetur
    • CommentTimeMay 9th 2012
     permalink
    More info
    ---------

    Location: Ushuaia, southernmost city at Argentina.
    OpenDNS using (nslookup): "5.mia"

    Route to bhphotovideo (opendns):

    Traza a la direcci¢n bhphotovideo.com [198.77.206.100]
    sobre un m ximo de 30 saltos:
    1 <1 ms <1 ms <1 ms 192.168.0.1
    2 * * * Tiempo de espera agotado para esta solicitud.
    3 94 ms 94 ms 92 ms 200.51.240.181
    4 88 ms 87 ms 86 ms So6-0-0-0-grtbuecu1.red.telefonica-wholesale.net [84.16.6.5]
    5 222 ms 224 ms 224 ms Xe6-1-2-0-grtmiabr8.red.telefonica-wholesale.net.121.142.94.in-addr.arpa [94.142.121.234]
    6 311 ms 292 ms 243 ms Xe-2-3-0-0-grtwaseq4.red.telefonica-wholesale.net [94.142.124.121]
    7 248 ms 250 ms 249 ms xe-11-0-0.edge3.Washington4.Level3.net [4.53.112.33]
    8 250 ms 250 ms 248 ms vlan80.csw3.Washington1.Level3.net [4.69.149.190]
    9 252 ms 251 ms 252 ms ae-82-82.ebr2.Washington1.Level3.net [4.69.134.153]
    10 257 ms 255 ms 252 ms ae-4-4.ebr2.Newark1.Level3.net [4.69.132.102]
    11 256 ms 255 ms 252 ms ae-2-52.edge2.Newark1.Level3.net [4.69.156.41]
    12 * * * Tiempo de espera agotado para esta solicitud.
    13 * * * Tiempo de espera agotado para esta solicitud.
    14 * * * Tiempo de espera agotado para esta solicitud.
    15 255 ms 256 ms 253 ms 41334609.cst.lightpath.net [65.51.70.9]
    16 * * * Tiempo de espera agotado para esta solicitud.
    17 253 ms 257 ms 256 ms coastal-capital.cst.lightpath.net [69.27.224.18]
    18 258 ms 252 ms 253 ms 74.113.189.228
    19 * * * Tiempo de espera agotado para esta solicitud.
    20 * * * Tiempo de espera agotado para esta solicitud.
    21 * * * Tiempo de espera agotado para esta solicitud.
    22 * * * Tiempo de espera agotado para esta solicitud.
    23 * * * Tiempo de espera agotado para esta solicitud.
    24 * * * Tiempo de espera agotado para esta solicitud.
    25 * * * Tiempo de espera agotado para esta solicitud.
    26 * * * Tiempo de espera agotado para esta solicitud.
    27 * * * Tiempo de espera agotado para esta solicitud.
    28 * * * Tiempo de espera agotado para esta solicitud.
    29 * * * Tiempo de espera agotado para esta solicitud.
    30 * * * Tiempo de espera agotado para esta solicitud.
    Traza completa.
    • CommentAuthorinfuetur
    • CommentTimeMay 9th 2012
     permalink
    Route to bhphotovideo (google dns):

    Traza a la direcci¢n bhphotovideo.com [198.77.206.100]
    sobre un m ximo de 30 saltos:
    1 <1 ms <1 ms <1 ms 192.168.0.1
    2 * * * Tiempo de espera agotado para esta solicitud.
    3 97 ms 94 ms 96 ms 200.51.240.181
    4 116 ms 89 ms 87 ms So6-0-0-0-grtbuecu1.red.telefonica-wholesale.net [84.16.6.5]
    5 223 ms 220 ms 222 ms Xe-4-0-0-0-grtmiabr7.red.telefonica-wholesale.net.121.142.94.in-addr.arpa [94.142.121.222]
    6 251 ms 245 ms 251 ms Xe0-1-0-0-grtwaseq4.red.telefonica-wholesale.net [213.140.36.233]
    7 248 ms 247 ms 249 ms xe-11-0-0.edge3.Washington4.Level3.net [4.53.112.33]
    8 259 ms 249 ms 250 ms vlan80.csw3.Washington1.Level3.net [4.69.149.190]
    9 252 ms 249 ms 249 ms ae-82-82.ebr2.Washington1.Level3.net [4.69.134.153]
    10 263 ms 253 ms 252 ms ae-4-4.ebr2.Newark1.Level3.net [4.69.132.102]
    11 254 ms 252 ms 255 ms ae-2-52.edge2.Newark1.Level3.net [4.69.156.41]
    12 * * * Tiempo de espera agotado para esta solicitud.
    13 * * * Tiempo de espera agotado para esta solicitud.
    14 * * * Tiempo de espera agotado para esta solicitud.
    15 256 ms 252 ms 252 ms 41334609.cst.lightpath.net [65.51.70.9]
    16 * * * Tiempo de espera agotado para esta solicitud.
    17 257 ms 255 ms 253 ms coastal-capital.cst.lightpath.net [69.27.224.18]
    18 253 ms 253 ms 250 ms 74.113.189.228
    19 * * * Tiempo de espera agotado para esta solicitud.
    20 * * * Tiempo de espera agotado para esta solicitud.
    21 * * * Tiempo de espera agotado para esta solicitud.
    22 * * * Tiempo de espera agotado para esta solicitud.
    23 * * * Tiempo de espera agotado para esta solicitud.
    24 * * * Tiempo de espera agotado para esta solicitud.
    25 * * * Tiempo de espera agotado para esta solicitud.
    26 * * * Tiempo de espera agotado para esta solicitud.
    27 * * * Tiempo de espera agotado para esta solicitud.
    28 * * * Tiempo de espera agotado para esta solicitud.
    29 * * * Tiempo de espera agotado para esta solicitud.
    30 * * * Tiempo de espera agotado para esta solicitud.
    Traza completa.


    At last, I entered to bhphotovideo using google dns, then changed the computer dns, refreshed the website and got the error... I can't explain this... it seems to be something with akamai but as I said at the begining, then why changing dns solves this?

    Thank you!!
    • CommentAuthorrotblitz
    • CommentTimeMay 9th 2012
     permalink
    Yes, your problem is most likely CDN related. You are too far away from the DNS service you're using (Miami/Florida) to get accurate IP address information according to your location.

    Unfortunately you only show the traceroute to bhphotovideo.com, and both, OpenDNS and Google, return even the exact same IP address: 198.77.206.100. But this is not what I was asking for. I intentionally wanted to see traceroutes to www.bhphotovideo.com, because this is the one hosted at Akamai's CDN, not the @ domain.

    Therefore we still are where we have been before... :sad:
    • CommentAuthorinfuetur
    • CommentTimeMay 9th 2012
     permalink
    Sorry, Here is what you really wanted to see...

    Tracert to www.bhphotovideo.com

    With google dns:
    Traza a la direcci¢n a1850.b.akamai.net [208.44.23.27]
    sobre un m ximo de 30 saltos:
    1 <1 ms <1 ms <1 ms 192.168.0.1
    2 * * * Tiempo de espera agotado para esta solicitud.
    3 37 ms 36 ms 35 ms 201-251-97-20.mrse.com.ar [201.251.97.20]
    4 36 ms 37 ms 35 ms 201-251-97-20.mrse.com.ar [201.251.97.20]
    5 37 ms 37 ms 36 ms 201-251-97-17.mrse.com.ar [201.251.97.17]
    6 91 ms 92 ms 92 ms so-5-1-0-0-grtbuecu1.red.telefonica-wholesale.net [213.140.51.65]
    7 229 ms 225 ms 227 ms Xe-7-1-0-0-grtmiabr8.red.telefonica-wholesale.net.121.142.94.in-addr.arpa [94.142.121.238]
    8 246 ms 236 ms 245 ms Xe-2-3-0-0-grtwaseq4.red.telefonica-wholesale.net [94.142.124.121]
    9 252 ms 251 ms 248 ms Qwest-1-3-0-0-grtwaseq4.red.telefonica-wholesale.net [213.140.55.18]
    10 263 ms 259 ms 259 ms atx-edge-03.inet.qwest.net [67.14.14.142]
    11 266 ms 263 ms 269 ms 208-44-23-27.dia.static.qwest.net [208.44.23.27]
    Traza completa.


    With opendns:
    Traza a la direcci¢n a1850.b.akamai.net [23.67.53.115]
    sobre un m ximo de 30 saltos:
    1 <1 ms <1 ms <1 ms 192.168.0.1
    2 * * * Tiempo de espera agotado para esta solicitud.
    3 95 ms 95 ms 95 ms 200.51.240.181
    4 88 ms 102 ms 87 ms So4-1-0-0-grtbuecu1.red.telefonica-wholesale.net [84.16.11.97]
    5 221 ms 223 ms 220 ms Xe-7-1-0-0-grtmiabr7.red.telefonica-wholesale.net.121.142.94.in-addr.arpa [94.142.121.210]
    6 340 ms 247 ms 252 ms Xe0-1-3-0-grtwaseq3.red.telefonica-wholesale.net [94.142.124.101]
    7 * * * Tiempo de espera agotado para esta solicitud.
    8 * * * Tiempo de espera agotado para esta solicitud.
    9 * * * Tiempo de espera agotado para esta solicitud.
    10 * * * Tiempo de espera agotado para esta solicitud.
    11 * * * Tiempo de espera agotado para esta solicitud.
    12 * * * Tiempo de espera agotado para esta solicitud.
    13 * * * Tiempo de espera agotado para esta solicitud.
    14 * * * Tiempo de espera agotado para esta solicitud.
    15 * * * Tiempo de espera agotado para esta solicitud.
    16 * * * Tiempo de espera agotado para esta solicitud.
    17 * * * Tiempo de espera agotado para esta solicitud.
    18 * * * Tiempo de espera agotado para esta solicitud.
    19 * * * Tiempo de espera agotado para esta solicitud.
    20 * * * Tiempo de espera agotado para esta solicitud.
    21 * * * Tiempo de espera agotado para esta solicitud.
    22 * * * Tiempo de espera agotado para esta solicitud.
    23 * * * Tiempo de espera agotado para esta solicitud.
    24 * * * Tiempo de espera agotado para esta solicitud.
    25 * * * Tiempo de espera agotado para esta solicitud.
    26 * * * Tiempo de espera agotado para esta solicitud.
    27 * * * Tiempo de espera agotado para esta solicitud.
    28 * * * Tiempo de espera agotado para esta solicitud.
    29 * * * Tiempo de espera agotado para esta solicitud.
    30 * * * Tiempo de espera agotado para esta solicitud.
    Traza completa.
    • CommentAuthorrotblitz
    • CommentTimeMay 9th 2012 edited
     permalink
    Ah yes, confirmed, you are clearly impacted by that CDN problem - a very good example!

    CDN providers feed DNS servers with information related to the location of the DNS service, not related to the location of the end user. As you are using a DNS server too far away, you get rubbish information from the CDN via DNS, good only for the South East of USA, bad for Argentina. :cry:

    I will not say there is nothing you can do here, but from case to case you could enter a line to your hosts files like:
    208.44.23.27 www.bhphotovideo.com a1850.b.akamai.net www.bhphotovideo.com.akadns.net www.bhphotovideo.com.edgesuite.net

    This would help immediately - in this case only, but nobody knows for how long. They (CDN) tend to often change IP addresses and hostnames...
    • CommentAuthorinfuetur
    • CommentTimeMay 9th 2012
     permalink
    Thank you rotblitz, what about this?
    I got this tracert from another office here in Ushuaia and using opendns ("9.mia" at nslookup)... it resolved the same ip but also showed the site correctly:


    Traza a la direcci¢n a1850.b.akamai.net [23.67.53.107]
    sobre un m ximo de 30 saltos:
    1 1 ms 1 ms 2 ms 10.1.41.1
    2 2 ms 2 ms 4 ms 10.0.0.1
    3 * * * Tiempo de espera agotado para esta solicitud.
    4 * * * Tiempo de espera agotado para esta solicitud.
    5 * * 67 ms So6-0-0-0-grtbuecu1.red.telefonica-wholesale.net [84.16.6.5]
    6 202 ms 200 ms 201 ms Xe-7-1-0-0-grtmiabr8.red.telefonica-wholesale.net.121.142.94.in-addr.arpa [94.142.121.238]
    7 318 ms 296 ms 224 ms 176.52.249.126
    8 240 ms 227 ms 227 ms xe-0-0-0.GW9.IAD8.ALTER.NET [152.179.50.113]
    9 224 ms 224 ms 235 ms 0.xe-1-1-0.XL1.IAD8.ALTER.NET [152.63.33.158]
    10 257 ms 274 ms 270 ms 0.xe-11-0-0.XL1.MIA19.ALTER.NET [152.63.85.74]
    11 262 ms 426 ms 373 ms 0.xe-10-2-0.GW1.MIA19.ALTER.NET [152.63.81.14]
    12 259 ms 258 ms 258 ms akamai.customer.alter.net [63.65.188.50]
    13 323 ms 311 ms 397 ms a23-67-53-107.deploy.akamaitechnologies.com [23.67.53.107]
    Traza completa.

    The same office did a different tracert before, but anyway is fetching the site without inconvenience... same ISP, same CITY. Different connection?
    • CommentAuthorinfuetur
    • CommentTimeMay 9th 2012
     permalink
    no... sorry I've seen the ip address resolved is different 23.67.53.107 vs 23.67.53.115
    • CommentAuthorrotblitz
    • CommentTimeMay 9th 2012
     permalink
    Yes, it stands! You're a victim of this well known CDN related problem, and possibly in conjunction with some suboptimal routing by your ISP and the participating network carriers.
    Thankful People: zelus
    • CommentAuthorinfuetur
    • CommentTimeMay 9th 2012
     permalink
    Sorry rotblitz, in your opinion is there something I can claim to my ISP? Or should I only change my DNS servers... that will need the installation of a web proxy srver for the lan.
    • CommentAuthorrotblitz
    • CommentTimeMay 9th 2012
     permalink
    Well, you would have to do much more measuring and researches to come to final conclusions.

    Regarding routing: if you compare the traceroute to www.bhphotovideo.com from the first location with the traceroute to the second location, both using OpenDNS Miami, you see that the second location's routing is far better than the first. This indicates a routing configuration problem with your ISP and/or the peering network carriers at the first location, at least for this IP address range 23.67.53.x­xx. Well, one instance is not enough to prove a general routing configuration problem...

    Changing DNS servers, well, if you have problems only with a few sites where you could apply the hosts file trick, you'll probably continue using OpenDNS, because it still may have advantages over other DNS services. And you may hope that OpenDNS opens a location in Latin America (candidates are likely Argentina and Brazil) some day which would mostly solve your CDN problem.

    Not sure what installing a web proxy is to do with the DNS service being used. You may want to explain this piece.
    • CommentAuthorinfuetur
    • CommentTimeMay 9th 2012
     permalink
    Well that was becouse we started using opendns becouse of the reliability of the service when the official ISP DNSs where failling a lot... in that moment we were doing web filtering with the webproxy plugin of a mikrotik installed in an i386 machine... Then we bought an RB1100 routerboard (good for routing/bad for webproxy) and configured opendns so that unwanted sites get blocked (porn/youtube/tv/...) That was working good until now... If we change the dns to another, we will need to install a server that does that filtering.

    I'll check with my ISP, will be difficult to get help anyway :S
  1.  permalink
    You could yet open a support ticket with OpenDNS, and reference this thread. They may be able to work out the routing issue with the ISP or network carriers.
    Thankful People: zelus

This discussion has been inactive for longer than 30 days, and is thus closed.