Here is a list of reason why people have trouble reaching websites: 1. DNS caching For reasons unknown to me, ISPs cache DNS info longer than they should. We have multiple DSLs from different vendors at work, and when we update the DNS to our own website, one of the DSL providers takes weeks to update their own DNS info. This is a major nationwide ISP; I don't know what the deal is. 2. DNS firewalling on your end When I first setup my personal website (http://www.robertgraham.com) I setup the firewall incorrectly for DNS access. I think I disallowed TCP access to port 53. As a consequence, some DNS servers could not resolve my host name. The easy way to resolve this is to lookup "nslookup" in Yahoo/AltaVista and you'll get a list of several CGI-base 'nslookup' programs from around the web which you can use to resolve your DNS name. This will tell you if some ISPs are failing on their lookups. 3. Proxying Many high-speed internet providers still encourage their customers to go through proxy servers in order to reduce their backbone traffic. An error in the proxy might be causing a problem. 4. caching The user's webbrowser may have cached some bad info, and it only looks like he/she can't reach your website. 5. MAPS RBL You own firewall admins may be subscribing to something like MAPS RBL that is firewalling sites that are a source of spam. High-speed always-on connections are a significant source of spam -- primarily because they are compromised by spammers. 6. BlackICE auto-response BlackICE has an auto-response feature that will automatically block IP addresses that are attacking the system. However, only about 10% of the intrusions it detects triggers this feature in order to avoid problems with false positives and spoofing. Your website would have to actually break into the system before any of these would trigger. In any event, if you add a computer to a "trusted" list, the autoblocking will no longer work on that address. I recommend the following steps: a. Make sure the user can get to other sites. I assume you already have done this, and that the user is happily surfing other sites on the Internet except yours. b. Make sure the user can resolve DNS. The easiest way is to go to the command line and say something like "ping www.example.com". If it can't resolve the DNS name, it'll tell you so. Otherwise, it will come back and start pinging that IP address. c. Assuming you can resolve the IP address, attempt to ping the site. Note that you can combine steps b and c. Now, you may have a firewall in front of your site, and it may block pings, so this isn't necessarily a good test. However, if a ping comes back, then you know the user can reach the website even though he/she cannot access it. d. Traceroute to the site. There may be a routing problem such that the user's ISP cannot figure out how to route traffic to your site. This will diagnose that problem. To run it, type "tracert www.example.com". It'll run slowly, but it'll list all the routers between the user and your site. e. If ping/traceroute seems OK, then you've validated that network connectivity should work. The next step is to validate that the protocol is working. One easy way is for the user to Telnet to port 80 on your website. The user should type "telnet www.example.com 80", which tells the user to contact your webservice with Telnet. The user should then type "GET / HTTP/1.0" and several returns. If the user can't reach the webservice, Telnet will eventually time out and the user will never get the chance to type anything. Otherwise, the user should get some sort of text back in the Telnet window from the website. If the user gets text back (regardless of what it is), then that means the webbrowser can also contact the website and there is a caching problem either within the browser itself or an intervening proxy server. I hope this helps, Rob. --- NickDat_private wrote: > One of our customers has reported that he is unable to access our site from > his home system. He is running a firewall on his system (BlackIce > Defender), and is using Optimum Online as his ISP. We've given him our IP > address so he could set an allow flag for the site but he still reports he > cannot access the site. The user states he has a 24 by 7 internet > connection, hence the firewall. Can any of you give me some advice I can > relay to this customer? He has no problem connecting to the site outside > his home. > > Nick J. Donofrio (Retired SMSgt - U.S.A.F.) > Website Quality Assurance Engineer > Rx.com > Austin, Texas 78741 > (512) 652-1274 > > ===== Robert Graham http://www.robertgraham.com/pubs __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:34 PDT