Cannot connect but only to 2 web sites

[Vanguard]

Windows 2000 Pro SP4
Internet Explorer 6

I have a broadband cable connection (Comcast). I cannot connect to the
following web sites:

http://www.creative.com
http://www.soundblaster.com

Yet I can connect to:

http://www.americas.creative.com

and every other web site that I navigate to (but have had some problems
with links to http://dw.com.com used for downloading files from
http://www.download.com). When trying to navigate to the web site, 5
seconds later IE6 will display "Cannot find server or DNS Error". I
have tried all of the following and maybe more:

- Did a "nslookup www.creative.com". It worked. The IP address
returned worked when using http://www.anonymizer.com or
http://www.samspade.org to go there. So my ISP's DNS server knows about
their web site.

- Used http://www.anonymizer.com to go to the web site. It opened okay
so I know the Creative web site is up. Unfortunately, I cannot download
any drivers or even access their support pages through Anonymizer
because their freebie service disables too much of Creative's web site.

- Used safe web browser at http://www.samspade.org to go to the web
site. It opened okay (i.e., I saw the HTTP data). So I can
successfully connect to some other web site that then can open the home
page at the target web site. Since this safe web browser only shows me
the HTTP datastream, I cannot use it to download any drivers or search
their knowledgebase.

- Purge the browser's file cache.

- Put the URL for the web site in the Trusted security zone for IE.

- Disabled the firewall (Norton Internet Security 2003).

- Disabled the anti-virus software (Norton Anti-Virus 2003).

- Checked there are no inline proxies configured for IE to use.

- Disabled PopUp Cop (a popup stopper).

- Set cookies management to accept all cookies, even 3rd party cookies.

- Used the safe web browser in SamSpade for Windows (shows the HTTP
datastream instead of rendering any HTML within it). I see the GET
command but no response. This safe web browser doesn't use any plug-ins
from IE nor does it go through any proxies that might be configured for
IE, so none of that is inline with the connection between it and the web
site.

- Used HTTP Tracer to watch the HTTP datastream as my browser tried to
get to the web site. It also showed the GET command but no response.
After 5 seconds, IE6 times out with the "Cannot find server or DNS
Error" page. However, when my firewall is enabled, it sees no
connection attempt from my browser. It will show an instance of the
browser got loaded (because there is an application rule in my firewall)
but there is no connection logged to the web site. I do see a log of
the brower "User-Agent" data getting sent but that's probably only
checking the HTTP command to issue that information.

- Used BHO Demon to disable all BHO (browser helper objects) in IE.

- Checked that no URLs were listed under the Restricted Sites security
zone in IE.

- Creative's drivers and/or software installed a CTHELPER.exe program
that loads on Windows startup. It is supposed to do something with
their drivers to help them do updates or provide help. In any case, it
has been an unused feature as far as I can see so I disabled this load.
I also disabled their load of ADGJET.exe on startup (something to do
with detecting when headphones are plugged into an external drive or
device). Didn't help.

- Eventually using msconfig.exe (borrowed from WinXP) or Mike Lin's
Startup applet, and doing the reboot so the disabled program doesn't get
executed on Windows startup, I can then navigate to these targeted web
sites. So I figured that I've located the problem. Wrong! Sometime
later the problem will crop up again.

- I have ran SpyBot and Ad-Aware with latest sig files and found no
problems.

- Ran a complete and updated virus scan with no reports of infection.

- I reinstalled Service Pack 4, Internet Explorer 6 (reinstall all
components), and Windows Update to see if I could step on whatever has
stepped on IE6. Nope, didn't help.

- The "DNS Client" NT service is stopped and disabled; i.e.,it is not
running nor does it get loaded on Windows startup. So trying to run
"ipconfig /flushdns" is meaningless since client-side DNS caching is
disabled.

- I only have 3 entries in the hosts file; one to equate 127.0.0.1 to
localhost and a couple others also to 127.0.0.1 (which I use for names
of local proxies for e-mail, which are SpamPal and YahooPops, so I know
what they are when I'm configuring e-mail accounts or chaining the
e-mail proxies). Nothing else is in the hosts file, so it is not like
I'm using localhost to block access to a web site.

- Tried resetting the TCP parameters by running "netsh interface reset
all".

From what I can tell, the browser is never actually making a connection.
My firewall will show when my browser (or any application) makes a
connection off my host. I can navigate okay to lots of other web sites.
I have verified, as noted, that the target web sites are indeed up and
responsive. Yet it is ONLY to these 2 web sites that I cannot navigate
(http://www.creative.com and http://www.soundblaster.com). There have
been occasional problems with some of the links at
http://www.download.com (which go to http://dw.com.com). What gets me
is that my firewall never even sees the connection attempt. Yet I see
in the browser its status line changing from "Connecting to <url> ..."
to "Web site found. Waiting for reply ...". There is an intermediate
status about something to do with detecting proxy settings (but doesn't
show if I uncheck the option to automatic detect settings).

Sometimes after using http://www.anonymizer.com or
http://www.samspade.org (safe browser) to open the web site, then I can
connect okay directly from my browser, but eventually it fails again
with the "Cannot find server or DNS Error" page. After pulling it out
over the last few days, I have little hair left.

 

[Vanguard]

Okay, Subject should've been "Can connect everywhere except to 2 web
sites."

 

[H Leboeuf]

Quoted from a previous post by Wilson Bradley

Problem: Cannot find server or DNS Error Internet Explorer
When I hit refresh it works fine. Even with my designated HOME page.
My Specs., Windows 2000 Pro., IE 6.0.2600, DSL, Southwestern bell

Solution:
We have been using a LAN connection for over a year and I just updated
everyone to IE 6. For some reason a lot of users were getting the "The page
cannot be displayed" error every time they opened IE instead of a home page
but were able to proceed with no problem after the first refresh.

I turns out that the "Autodial" setting in the registry was being set to
"true" even though they do not even have dialup adapters installed.

Instead of me giving the paths to the registry settings, open REGEDIT and
search for "EnableAutodial" and each place that has the value as "1" or "01
00 00 00" change it to "0" or "00 00 00 00".

If you are using a dialup then this is not for you.

Source: Wilson Bradley

Or:

Since you may not be able to get to this page I pasted the info.
IPCONFIG Diagnostic Utility: Parameters and Usage
http://support.microsoft.com/?kbid=117662 (W2000/NT May 6, 2003)

Quote
SUMMARY
IPCONFIG.EXE is a new utility included with Windows. The purpose of this
utility is to provide the user with diagnostic information related to TCP/IP
network configuration. IPCONFIG also accepts various Dynamic Host
Configuration Protocol (DHCP) commands, allowing a system to update or
release its TCP/IP network configuration.
MORE INFORMATION
Example:
IPCONFIG [/? | /all | /release [adapter] | /renew [adapter]]

/?: Displays this help message.
/all: Displays full configuration information.
/release: Releases the IP address for the specified adapter.
/renew: Renews the IP address for the specified adapter.

With no parameters, IPCONFIG will display only the IP address, subnet mask
and default gateway for each adapter bound to TCP/IP.

With the /all switch, IPCONFIG will display all the current TCP/IP
configuration values including the IP address, subnet mask, default gateway
and Windows Internet Naming Service (WINS) and DNS configuration.

If adapter name is not specified with either the /Release or /Renew switch,
then the IP address leases for all adapters bound to TCP/IP will be released
or renewed.

NOTE: The /Release and /Renew switches can only be used on a system that is
configured with DHCP.

Unquote.
Hope it helps.
--

Let me know if you cannot get to these sites.
http://www.mvps.org/inetexplorer/answers.htm#dns
http://www.dslreports.com/faq/sbc/all#1453


Henri Leboeuf
Web page: http://www.generation.net/~hleboeuf/index.htm

 

[Robert Aldwinckle]

Windows 2000 Pro SP4
Internet Explorer 6 ....
I cannot connect to the following web sites:

....

What do you get from the problem sites if you use telnet to port 80?

FWIW that proves connectivity but I get different results when I reply with:
1. two slow enters
2. GET / and two slow enters
3. GET http://www.creative.com/ HTTP/1.1 and two slow enters

BTW are you using HTTP 1.1 or HTTP 1.0? Even example 1 shows
that the former will be that site's preference.

Also interesting is the result I get with http://216.61.164.89/
from the Address bar compared with what I get with that same
address using telnet. (Site Not Found)

BTW if that is not the address which nslookup is returning for
*both* of those problem sites try *adding* the following entries
to your HOSTS file:

216.61.164.89 www.creative.com
216.61.164.89 www.soundblaster.com

Also you would only see my symptom if you have disabled
Show friendly HTTP error messages.


Good luck

Robert Aldwinckle
---

 

[Vanguard]

I had tried telnetting into port 80 at www.creative.com. The results
were somewhat similar to what was happening in the browser. A couple of
hits on the Enter key did nothing. Entering a GET command, as you
mention, returned nothing. In about 6 seconds after establishing the
connection, the session got terminated with a "Connection to host lost"
message and exited telnet. So it looks like it got a connection but
either it isn't seeing my commands or it doesn't respond to them.

However, as mentioned, when I use a proxy that is off of my domain
(comcast.net) then their site opens okay; e.g., I used anonymizer.com
and samspade.org to open their web site and it returned an OK status and
presented the HTTP datastream for their home page. Using the safe web
browser at samspade.org, I can see it issue "GET / HTTP/1.1" and get
back the "HTTP/1.1 200 OK" status. But in the telnet session
originating from my domain, nothing ever comes back. As a test, and to
see what comes back from a good connection, I did a test using "telnet
www.comcast.net 80" and entered "GET /" which returned their home page
(you only get to see the HTML or data portion and not the HTTP commands
as you do with samspade.org), so I know telnetting will work if the host
responds provided that it ever got my request.

I also get 216.61.164.89 on a reverse DNS lookup on www.creative.com. I
also tried using http://216.61.164.89/ as the URL in the browser but got
the same bad results.

I am using Norton Internet Security (NIS) 2003 as my personal firewall.
When making the connections using telnet, I notice the following:

- When "telnet www.comcast.net 80", the connection shows up in their log
under the Connections category but only after I input the "GET /"
command.

- When "telnet www.creative.com 80", no connection shows up no matter
what I input.

I found out that NIS does not record the connection unless the target
host sends back data. Although I can "telnet www.comcast.net 80" and
get a connection, it does not get recorded in their logs. Only after I
input "GET /" (or any input that results in, say, a bad or unknown
command) and get some data back from their host does the connection then
get recorded in NIS' logs. Maybe nothing of the status of the
connection can be known until the target host sends something back. The
telnet did trigger a prompt asking me to allow the outbound connection
for the telnet.exe application but apparently nothing gets logged unless
the targeted host actually responds (by sending something back either in
making the connection or as a result of a command sent to it).

I also noticed the following regarding the timeout duration (I telnet in
but do not enter any input):

- "telnet www.creative.com 80" times out after 6 seconds.

- "telnet www.comcast.net 80" never timed out (I quit waiting after 5
minutes). I also telnetted into www.intel.com and www.ibm.com and no
timeout occurred within the 1 minute that I waited. I telnetted into
www.microsoft.com got a timeout in 30 seconds.

- If I telnet to a non-existent host (see note below about having to use
an IP address), it times out in 6 seconds.

Apparently the domain can configure how long a session times out when no
command is received. The telnet session apparently times itself out
after 6 seconds if no connection is made. It looks like I am not
getting a telnet connection (port 80) to www.creative.com. If you
telnet into www.creative.com and let the connection sit there without
inputting any command (i.e., get the connection and just let it sit),
does it timeout for you? Since the telnet to www.creative.com and to a
non-existent domain both timeout after 6 seconds, it might be a problem
with my ISP. Yet I can traceroute okay to www.creative.com.

NOTE:

I noticed that a DNS lookup on a non-existent domain name always returns
64.94.110.11 (which has a reverse DNS lookup of
sitefinder-idn.verisign.com). This was true using my ISP's DNS server
and using whatever DNS server is used by samspade.org. This caught me
by surprise. I figured a non-existent domain name would have return a
status of something like "unknown host" or "no such record". An
"nslookup iinntteell.com" returns 64.94.110.11 for which a reverse DNS
lookup returns sitefinder-idn.verisign.com. Is this how the DNS lookup
is supposed to work?

When I attempt a reverse DNS on an IP address that doesn't exist, I get
a "non-existent domain" error message which is what I expect. This is
also the same error message that I had expected when trying to do a DNS
lookup on an IP name for which there was no registration, but instead it
returns some subdomain at Verisign.com. Below are some of the results
that I got:

nslookup iinntteell.com --> 64.94.110.11 --> sitefinder-idn.verisign.com
nslookup iinntteell.net --> 64.94.110.11 --> sitefinder-idn.verisign.com
nslookup iinntteell.org --> non-existent domain
nslookup iinntteell.edu --> non-existent domain
nslookup 200.200.100.100 --> non-existent domain

As a result, I had to use an IP address instead of an IP name to telnet
to a non-existent domain to see what would be the timeout.

 

[Vanguard]

EnableAutoDial is set to 0 in each instance found in the registry.

In my reply to Robert, note that I cannot even telnet into their web
server. telnet.exe will time out after 6 seconds if it cannot connect
to the target host (to a process monitoring the specified port).
Telnetting into their web server (port 80) also times out after 6
seconds. It looks like I have a problem telnetting through my ISP to
get to Creative's web server but I can use a proxy (off my ISP's domain)
to open that web site in a browser.

I can traceroute and ping that host okay but that only tells me that
host is up and running TCP/IP okay. It doesn't tell me that a process
(web server) is running on that host. However, going through
anonymizer.com and samspade.org proves that their web server is up on
that host. Guess I'll have to see if I can find someone technically
proficient at my ISP to find out why I cannot telnet to www.creative.com
but only when going through their domain.

--
____________________________________________________________
** Share with others. Post replies in the newsgroup.
** If present, remove all "-nix" from my email address.
____________________________________________________________

Quoted from a previous post by Wilson Bradley

Problem: Cannot find server or DNS Error Internet Explorer
When I hit refresh it works fine. Even with my designated HOME page.
My Specs., Windows 2000 Pro., IE 6.0.2600, DSL, Southwestern bell

Solution:
We have been using a LAN connection for over a year and I just updated
everyone to IE 6. For some reason a lot of users were getting the "The page
cannot be displayed" error every time they opened IE instead of a home page
but were able to proceed with no problem after the first refresh.

I turns out that the "Autodial" setting in the registry was being set to
"true" even though they do not even have dialup adapters installed.

Instead of me giving the paths to the registry settings, open REGEDIT and
search for "EnableAutodial" and each place that has the value as "1" or "01
00 00 00" change it to "0" or "00 00 00 00".

If you are using a dialup then this is not for you.

Source: Wilson Bradley

Or:

Since you may not be able to get to this page I pasted the info.
IPCONFIG Diagnostic Utility: Parameters and Usage
http://support.microsoft.com/?kbid=117662 (W2000/NT May 6, 2003)

Quote
SUMMARY
IPCONFIG.EXE is a new utility included with Windows. The purpose of this
utility is to provide the user with diagnostic information related to TCP/IP
network configuration. IPCONFIG also accepts various Dynamic Host
Configuration Protocol (DHCP) commands, allowing a system to update or
release its TCP/IP network configuration.
MORE INFORMATION
Example:
IPCONFIG [/? | /all | /release [adapter] | /renew [adapter]]

/?: Displays this help message.
/all: Displays full configuration information.
/release: Releases the IP address for the specified adapter.
/renew: Renews the IP address for the specified adapter.

With no parameters, IPCONFIG will display only the IP address, subnet mask
and default gateway for each adapter bound to TCP/IP.

With the /all switch, IPCONFIG will display all the current TCP/IP
configuration values including the IP address, subnet mask, default gateway
and Windows Internet Naming Service (WINS) and DNS configuration.

If adapter name is not specified with either the /Release or /Renew switch,
then the IP address leases for all adapters bound to TCP/IP will be released
or renewed.

NOTE: The /Release and /Renew switches can only be used on a system that is
configured with DHCP.

Unquote.
Hope it helps.
--

Let me know if you cannot get to these sites.
http://www.mvps.org/inetexplorer/answers.htm#dns
http://www.dslreports.com/faq/sbc/all#1453


Henri Leboeuf
Web page: http://www.generation.net/~hleboeuf/index.htm

Windows 2000 Pro SP4
Internet Explorer 6

I have a broadband cable connection (Comcast). I cannot connect to the
following web sites:

http://www.creative.com
http://www.soundblaster.com

Yet I can connect to:

http://www.americas.creative.com

and every other web site that I navigate to (but have had some problems
with links to http://dw.com.com used for downloading files from
http://www.download.com). When trying to navigate to the web site, 5
seconds later IE6 will display "Cannot find server or DNS Error". I
have tried all of the following and maybe more:

- Did a "nslookup www.creative.com". It worked. The IP address
returned worked when using http://www.anonymizer.com or
http://www.samspade.org to go there. So my ISP's DNS server knows about
their web site.

- Used http://www.anonymizer.com to go to the web site. It opened okay
so I know the Creative web site is up. Unfortunately, I cannot download
any drivers or even access their support pages through Anonymizer
because their freebie service disables too much of Creative's web site.

- Used safe web browser at http://www.samspade.org to go to the web
site. It opened okay (i.e., I saw the HTTP data). So I can
successfully connect to some other web site that then can open the home
page at the target web site. Since this safe web browser only shows me
the HTTP datastream, I cannot use it to download any drivers or search
their knowledgebase.

- Purge the browser's file cache.

- Put the URL for the web site in the Trusted security zone for IE.

- Disabled the firewall (Norton Internet Security 2003).

- Disabled the anti-virus software (Norton Anti-Virus 2003).

- Checked there are no inline proxies configured for IE to use.

- Disabled PopUp Cop (a popup stopper).

- Set cookies management to accept all cookies, even 3rd party cookies.

- Used the safe web browser in SamSpade for Windows (shows the HTTP
datastream instead of rendering any HTML within it). I see the GET
command but no response. This safe web browser doesn't use any plug-ins
from IE nor does it go through any proxies that might be configured for
IE, so none of that is inline with the connection between it and the web
site.

- Used HTTP Tracer to watch the HTTP datastream as my browser tried to
get to the web site. It also showed the GET command but no response.
After 5 seconds, IE6 times out with the "Cannot find server or DNS
Error" page. However, when my firewall is enabled, it sees no
connection attempt from my browser. It will show an instance of the
browser got loaded (because there is an application rule in my firewall)
but there is no connection logged to the web site. I do see a log of
the brower "User-Agent" data getting sent but that's probably only
checking the HTTP command to issue that information.

- Used BHO Demon to disable all BHO (browser helper objects) in IE.

- Checked that no URLs were listed under the Restricted Sites security
zone in IE.

- Creative's drivers and/or software installed a CTHELPER.exe program
that loads on Windows startup. It is supposed to do something with
their drivers to help them do updates or provide help. In any case, it
has been an unused feature as far as I can see so I disabled this load.
I also disabled their load of ADGJET.exe on startup (something to do
with detecting when headphones are plugged into an external drive or
device). Didn't help.

- Eventually using msconfig.exe (borrowed from WinXP) or Mike Lin's
Startup applet, and doing the reboot so the disabled program doesn't get
executed on Windows startup, I can then navigate to these targeted web
sites. So I figured that I've located the problem. Wrong! Sometime
later the problem will crop up again.

- I have ran SpyBot and Ad-Aware with latest sig files and found no
problems.

- Ran a complete and updated virus scan with no reports of infection.

- I reinstalled Service Pack 4, Internet Explorer 6 (reinstall all
components), and Windows Update to see if I could step on whatever has
stepped on IE6. Nope, didn't help.

- The "DNS Client" NT service is stopped and disabled; i.e.,it is not
running nor does it get loaded on Windows startup. So trying to run
"ipconfig /flushdns" is meaningless since client-side DNS caching is
disabled.

- I only have 3 entries in the hosts file; one to equate 127.0.0.1 to
localhost and a couple others also to 127.0.0.1 (which I use for names
of local proxies for e-mail, which are SpamPal and YahooPops, so I know
what they are when I'm configuring e-mail accounts or chaining the
e-mail proxies). Nothing else is in the hosts file, so it is not like
I'm using localhost to block access to a web site.

- Tried resetting the TCP parameters by running "netsh interface reset
all".

From what I can tell, the browser is never actually making a connection.
My firewall will show when my browser (or any application) makes a
connection off my host. I can navigate okay to lots of other web sites.
I have verified, as noted, that the target web sites are indeed up and
responsive. Yet it is ONLY to these 2 web sites that I cannot navigate
(http://www.creative.com and http://www.soundblaster.com). There have
been occasional problems with some of the links at
http://www.download.com (which go to http://dw.com.com). What gets me
is that my firewall never even sees the connection attempt. Yet I see
in the browser its status line changing from "Connecting to <url> ...."
to "Web site found. Waiting for reply ...". There is an intermediate
status about something to do with detecting proxy settings (but doesn't
show if I uncheck the option to automatic detect settings).

Sometimes after using http://www.anonymizer.com or
http://www.samspade.org (safe browser) to open the web site, then I can
connect okay directly from my browser, but eventually it fails again
with the "Cannot find server or DNS Error" page. After pulling it out
over the last few days, I have little hair left.

--
____________________________________________________________
** Share with others. Post replies in the newsgroup.
** If present, remove all "-nix" from my email address.
____________________________________________________________

 

[Vanguard]

For those who can successfully open a web page at www.creative.com,
could you provide a copy of your traceroute to them? Thanks. My ISP
(Comcast) claims they can do nothing if I can reach all other web sites
other than this particular one and especially if I can traceroute and
ping to that site. What I need to find out is if everyone has a
different route to www.creative.com than me or if someone share
something in common but it works for them. All the traceroutes will end
at SBC Global because they are allocated the IP address assigned to
www.creative.com. My traceroute shows (with the times and IP lookups
removed):

tracert www.creative.com

Tracing route to www.creative.com [216.61.164.89]
over a maximum of 30 hops:
1 192.168.0.1 (my router)
2 10.230.8.1
3 bar01-f1-1-0.broohe1.mn.attbb.net
4 24.31.2.105
5 24.31.2.22
6 12.126.248.33
7 tbr1-p012701.cgcil.ip.att.net
8 tbr2-p012501.cgcil.ip.att.net
9 tbr2-cl7.sl9mo.ip.att.net
10 tbr2-cl6.dlstx.ip.att.net
11 ggr1-p380.dlstx.ip.att.net
12 att-gw.dal.sprint.net
13 sl-bb26-fw-12-0.sprintlink.net
14 sl-gw39-fw-0-0.sprintlink.net
15 sl-swb-58-0.sprintlink.net
16 bb1-p14-0.rcsntx.sbcglobal.net
17 bb1-p3-0.okcyok.swbell.net
18 ded1-fa0-1-0.okcyok.swbell.net
19 vip-creative-labs-inc-644172.cust-rtr.swbell.net
20 ws-164-89.clok.creative.com
Trace complete.

The tech at Comcast was able to open www.creative.com so he on his
portion of Comcast's network was working okay. Me through my portion of
Comcast's network is not working. However, he didn't provide me a
traceroute of how he was getting to www.creative.com so I don't know but
it is likely that he has different upstream providers between his
portion of Comcast and SBC Global (SW Bell). My traceroute shows I'm
going through part of AT&T's network (because they provide the actual
broadband service for Comcast in my area), then Sprint, and then to SBC
Global (sbcglobal.net and swbell.net). If others who can connect okay
are not going through Spring or some front-end portion of SW Bell then
it might indicate with whom I having problems if it is a provider
upstream of my ISP's domain (Comcast) that is generating the problem.

So for those that can connect to www.creative.com, I'm looking for those
users that:

- Use Comcast as their ISP to do a traceroute to see what upstream
providers are between Comcast and the web site.

- Use something *other* than Comcast to see what providers are in their
path to the web site.

It would be ideal if I could find a Comcast user that also went through
the broohe1.mn.attbb.net host and who could connect since they would be
taking the same path as me. If it worked for them but not me then the
problem is on my end. If I can find users that also go through Sprint
and SBC Global and they can connect okay, it points back to Comcast.

The traceroute from www.samspade.org to www.creative.com is:

3 isi-1-lngw2-atm.ln.net
4 ge-9-3.a01.lsanca02.us.ra.verio.net
5 xe-1-0-0-4.r21.lsanca01.us.bb.verio.net
6 p16-1-1-0.r21.snjsca04.us.bb.verio.net
7 p16-3-0-0.r01.snjsca04.us.bb.verio.net
8 bb1-g1-0s1.eqsjca.sbcglobal.net
9 bb2-p11-0.sntc01.pbi.net
10 core2-p6-3.crscca.sbcglobal.net
11 core1-p8-0.crscca.sbcglobal.net
12 core2-p3-0.crsfca.sbcglobal.net
13 core1-p1-0.crsfca.sbcglobal.net
14 core1-p3-0.crskut.sbcglobal.net
15 core1-p11-0.crdnco.sbcglobal.net
16 core1-p3-0.crkcmo.sbcglobal.net
17 core2-p1-0.crkcmo.sbcglobal.net
18 bb2-p5-0.ksc2mo.sbcglobal.net
19 bb2-p3-0.okcyok.swbell.net
20 ded1-fa0-1-0.okcyok.swbell.net
21 vip-creative-labs-inc-644172.cust-rtr.swbell.net

SamSpade.org goes through Verio instead of Sprint so I cannot tell if
Sprint is causing the problem. While SamSpade.org enters SBC through a
different host (eqsjca.sbcglobal.net for SamSpade versus
rcsntx.sbcglobal.net for me), eventually they do go through
okcyok.swbell.net which I also go through, so from that point there
couldn't be a problem since SamSpade.org can reach the web site. So,
for me, the problem lies in Comcast, Sprint, or one the
rcsntx.sbcglobal.net front-end SBC host. If someone else who can open
www.creative.com okay and goes through rcsntx.sbcglobal.net then I can
eliminate SBC as the problem. If someone else who can open the web site
okay and goes through Sprint then I can probably eliminate Sprint as the
culprit and focus back on Comcast. Someone going through Comcast's
broohe1.mn.attbb.net host and connecting okay to the web site would
eliminate Comcast and point to something farther up.

 

[Robert Aldwinckle]

....

If you telnet into www.creative.com and let the connection sit there
without inputting any command (i.e., get the connection and just let it sit),
does it timeout for you?

Sort of. I opened another command window and ran
netstat -p tcp 30
in parallel. After 19 intervals the connection was broken.
That means there was a timeout somewhere between
9 and 10 minutes?

I can traceroute okay to www.creative.com

ping and tracert are both very flakey for me for both creative and comcast
Sometimes they work and sometimes they don't.

An "nslookup iinntteell.com" returns 64.94.110.11 for which a reverse DNS
lookup returns sitefinder-idn.verisign.com. Is this how the DNS lookup
is supposed to work?

That's the result I get too. AFAIK DNS is supposed to convert symbolic
addresses to numeric addresses so a reverse lookup may be undefined.
I remember seeing a prefix that you are supposed to use to do a reverse
lookup but I can't recollect the details of it. Maybe that is just nslookup
telling us what it did to get an answer? I imagine we would have to trace
the DNS connection to find out what is really going on.

Hmm... I just did a quick Google on that Verisign site name.
Apparently it is something rather recent and seems controversial.
Unfortunately I wasn't able to find anything which could objectively
give both sides of the issue. Besides rants about "abuse of power"
I found this:

< http://www.verisign.com/resources/gd/sitefinder/implementation.pdf >

(Google Web search for
"sitefinder-idn.verisign.com" inurl:verisign
)


Robert
---

 

[Vanguard]

I suspect some host in the route through Sprint or, more likely, the
entry host (rcsntx.sbcglobal.net) that I get stuck with on entering the
SBC Global network (SW Bell) is causing the problem. If I use a proxy
that has a route that doesn't go through that same SBC host then I can
connect without any problem. If I find a proxy that also goes through
that same SBC host then it also fails to connect (host not responding).
Unfortunately the Net is not dynamic as regards to routing (for users).
It's not like I discover a problem in the current route that I get and
can then interrogate for another route that works. I'm stuck with the
route that I get, so if a host in the path is ****ing up then I can't do
anything about it except complain to that host's owner and wait (but
since I was trying to get to the target site to get some work done, I'm
not waiting around and instead will find an alternate solution).

Regarding the reverse DNS lookup, yeah, Verisign has decided to break
with tradition and used a loophole in that now all unassigned .com and
..net domains will point to that IP address. This sucks as it breaks
software that expected a non-existent domain status got returned
(because, well, it's undefined ... but not anymore). Even as a user, I
expect to get non-existent domain reported for an unregistered domain
name, not some bogus catch-all IP address. Since Verisign is apparently
accepting e-mails at this catch-all IP address, mail software will also
break in that e-mails sent to non-existing domains may now actually get
sent out (and maybe Verisign bounces it back) but the mail server
wouldn't have bothered in the first place if the domain didn't exist and
the user wouldn't have to wait for a delayed bounceback message. Sounds
like this is a place where users will retaliate against Verisign. I
don't think bitching to Verisign will work since they already decided to
violate traditional practices and exceed their charter without warning
or permission, so we'll have to bitch to ICANN.