DNS causing HSTS / certificate problems

2

I have been having a recurring problem on my home network (going on for several years). The issue that starts the problem is invalid certificates preventing access to Google sites (HSTS says no way). It happens for 10-15 min, then goes away. It happens on all my devices attached to my home wifi at once (Android phone, Chrome laptop, Windows computer). Happens on Chrome and Edge (on Windows). My home wifi AP/router is connected to Comcast cable provider.

When I look at the certificate (that should be from, say, google.com), it is always from some "random" site (windows.com, akamai?.com, apple.com). It just happened 1 hr ago, and I resolved to try and track it down.

I put DNS in the title because it seems to be a DNS error; here is nslookup:

    nslookup accounts.google.com
    Server:  UnKnown
    Address:  192.168.1.1

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    Non-authoritative answer:
    Name:    accounts.google.com
    Addresses:  2607:f8b0:4009:804::200d
              13.89.187.212

The IPv6 address is a Google address (1e100); the IPv4 address is a Microsoft address (Azure), which makes sense because in this case the failing cert was issued to windows.com.

All the devices on the network use the router (192.186.1.1) as their DNS source, and the router (Linksys) has these DNS static entries:

Static DNS 1: 8.8.4.4

Static DNS 2: 64.6.64.6

Which should be legit.

Any ideas why addresses are not resolving correctly for Google only, and only intermittently, and only for IPv4? How can I troubleshoot this further?

This is my first post, so be nice :)

Seth Cooper

Posted 2018-08-19T16:57:38.913

Reputation: 21

You get an Azure IP address for accounts.google.com? That's a bit unlikely... Honestly I would first suspect the router's built-in DNS cache and would try configuring some computers to use the mentioned DNS servers directly. – user1686 – 2018-08-19T18:02:57.590

Your DNS addresses are (1) Google, (2) Verisign. I don't believe that such wildly different sources were set by your ISP, so this was probably set by someone on your side. I suggest turning off IPv6 in your home network and on your router, since it is not needed. Also set both your DNS servers to Google: 8.8.8.8 and 8.8.4.4. Then wait and see. – harrymc – 2018-08-19T18:17:20.017

Ah, I set the DNS on the router a while ago while trying to fix this. It didn't help. I just ran NameBench as suggested in another Q/A, and it returned that (for 8.8.4.4):
• google.com appears incorrect: 172.217.4.46
• www.google.com is hijacked: 172.217.1.36
• twitter.com appears incorrect: 104.244.42.1, 104.244.42.65
But I don't think that is really a problem, just NameBench not being sophisticated enough. I will run NameBench again when the problem is happening and see what it reports. – Seth Cooper – 2018-08-19T18:33:34.337

If your router has caches, empty all of them, then reboot the router. – harrymc – 2018-08-19T18:36:00.747

If, as I suspect, it is Comcast DNS proxy interception that is the problem, it looks like I could buy a Raspberry Pi and install dnsmasq and/or dnscrypt to move DNS queries to alternate ports or secure them entirely. – Seth Cooper – 2018-08-19T18:58:37.910

@grawity - I assume you meant an APIPA IP - the A is for Automatic (Automatic Private IP Addressing).

Seth - You might try using the automatically assigned DNS IPs on your router. – Zina – 2018-08-19T20:11:14.067

@grawity I've been chasing this for a long time. I think I did set up my Windows laptop with direct DNS once before, but I will try that again the next time this happens. If I still get weird name resolutions, it will confirm that it is happening outside / upstream of my router. – Seth Cooper – 2018-08-19T20:36:44.257
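The test the comments converge on (ask each resolver directly and see which one disagrees) can be scripted so it is ready the next time the 10-15 minute window opens. The following is an added example written for this page, not code from the asker or from any commenter. It builds a raw DNS A/AAAA query with the standard library (no dnspython), sends it straight to the three resolvers named in the question (the router at 192.168.1.1, 8.8.4.4 and 64.6.64.6; the labels are mine), checks the transaction id of each reply, and flags any resolver whose answer set differs from the majority. The SAMPLE_RESPONSE bytes are constructed to mirror the question's nslookup output (the Azure address for accounts.google.com); they are not captured traffic. The live queries only run from the `__main__` block.

```python
import socket
import struct
import random
import sys
from collections import Counter

# Resolvers named in the question: the Linksys router and its two static
# upstream entries. The labels are my own, not from the post.
RESOLVERS = {
    "router (192.168.1.1)": "192.168.1.1",
    "Google (8.8.4.4)": "8.8.4.4",
    "Verisign (64.6.64.6)": "64.6.64.6",
}

A, AAAA = 1, 28  # DNS record types


def build_query(name, qtype=A):
    """Build a single-question DNS query with a random transaction id and RD set."""
    txid = random.randint(0, 0xFFFF)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.strip(".").split("."))
    return txid, header + qname + b"\x00" + struct.pack(">HH", qtype, 1)


def skip_name(data, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_answers(data, txid):
    """Extract A/AAAA addresses from a DNS response, rejecting a mismatched txid."""
    rid, _flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch: response does not match our query")
    off = 12
    for _ in range(qdcount):
        off = skip_name(data, off) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == A and rdlen == 4:
            addrs.append(socket.inet_ntop(socket.AF_INET, rdata))
        elif rtype == AAAA and rdlen == 16:
            addrs.append(socket.inet_ntop(socket.AF_INET6, rdata))
    return sorted(addrs)


def query(resolver_ip, name, qtype=A, timeout=2.0):
    """Send one UDP query directly to resolver_ip:53 and return its addresses."""
    txid, packet = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (resolver_ip, 53))
        data, _ = sock.recvfrom(4096)
    return parse_answers(data, txid)


def find_outliers(results):
    """Given {label: [addresses]}, return labels whose answer set differs from the majority."""
    counts = Counter(tuple(addrs) for addrs in results.values())
    majority = counts.most_common(1)[0][0]
    return sorted(label for label, addrs in results.items() if tuple(addrs) != majority)


# Constructed sample (not captured traffic): a response to an A query for
# accounts.google.com, txid 0x1234, carrying the Azure address from the question.
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"     # header: 1 question, 1 answer
    b"\x08accounts\x06google\x03com\x00\x00\x01\x00\x01"   # question: A, IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04"     # answer: name ptr, A, IN, TTL 300, 4 bytes
    b"\x0d\x59\xbb\xd4"                                      # 13.89.187.212
)

if __name__ == "__main__":
    print("sample packet parses to:", parse_answers(SAMPLE_RESPONSE, 0x1234))
    name = sys.argv[1] if len(sys.argv) > 1 else "accounts.google.com"
    for qtype, tag in ((A, "A"), (AAAA, "AAAA")):
        results = {}
        for label, ip in RESOLVERS.items():
            try:
                results[label] = query(ip, name, qtype)
            except (OSError, ValueError) as exc:   # socket.timeout is an OSError
                print(f"{tag} {label}: error: {exc}")
        for label, addrs in results.items():
            print(f"{tag} {label}: {addrs or 'no answer'}")
        if len(results) > 1:
            print(f"{tag} disagreeing with the majority: {find_outliers(results) or 'none'}")
```

Run it while the problem is happening (`python dnscheck.py accounts.google.com`). If the router's A answer is the outlier while 8.8.4.4 and 64.6.64.6 agree, the substitution is happening in or behind the router; if all three return the same wrong address when queried directly, it is upstream, which is what the question's interception suspicion would predict. A disagreement on its own is only a lead: CDN-fronted names legitimately resolve differently per resolver (the NameBench "appears incorrect" lines above are that effect), so the follow-up is whether the odd address belongs to the expected operator's range, not merely whether it differs. A transaction id mismatch is worth logging too, since a reply with the wrong id did not come from the query that was sent.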

@Zina: No, I did not mean APIPA addresses. Note the example nslookup output and the following paragraph. – user1686 – 2018-08-19T22:46:13.123

@grawity - yeah, sorry, I'm reading so badly today. It is late here :) – Zina – 2018-08-19T23:13:12.390

No answers