My site does not work on some ISPs and it is not related to DNS

yigit2 · March 1, 2024, 5:59pm

Hi all,

Since this morning, we are experiencing loading problems from our users. User reports come from various countries. It is not country-specific.

Luckily, my home wifi is also affected. So I could diagnose the issue.

My site is proxied by cloudflare.
My site works when I am on VPN, but doesn’t work on wifi.
It is the same when I tried from 2 mobile devices and laptop.
I ran the DIG command and confirmed that the DNS server return the same IP addresses on VPN and vanilla WIFI. DNS is not problematic.
When I try to connect curl -v -H “Host: my-subdomain.com” http://104.26.13.xxx, it works when I am on VPN, and it doesn’t work when I am not on VPN.
For some reason these IP addresses are blocked.
I disabled the “proxy” option from the DNS console and it worked fine.

Any thoughts why this could happen and what should we do to re-enable the proxy mode?

sjr · March 1, 2024, 6:03pm

What is the domain name?

yigit2 · March 1, 2024, 6:04pm

Here is an example one that I didn’t change:
indexer-mainnet.chain.perawallet.app

sjr · March 1, 2024, 6:10pm

What happens when it “doesn’t work”?

yigit2 · March 1, 2024, 6:14pm

Nothing.

curl -v indexer-mainnet.chain.perawallet.app
*   Trying 104.26.13.206:80...

And If we want to avoid the DNS probability, lets dig the DNS response:

;; ANSWER SECTION:
indexer-mainnet.chain.perawallet.app. 300 IN A	172.67.75.196
indexer-mainnet.chain.perawallet.app. 300 IN A	104.26.12.206
indexer-mainnet.chain.perawallet.app. 300 IN A	104.26.13.206

Lets get one of the IPs and compose CURL again, this time directly to the IP:

curl -v -H “Host: indexer-mainnet.chain.perawallet.app ” http://104.26.12.206

Response:

Trying 104.26.13.206:80…

yigit2 · March 1, 2024, 6:17pm

And then:

connect to 104.26.13.206 port 80 failed: Operation timed out

sjr · March 1, 2024, 6:32pm

Can you try a traceroute (or better still, a tcptraceroute) to see where the connections stops? Will be location specific due to the anycast IPs.

DarkDeviL · March 1, 2024, 6:42pm

To be able to dig any further, you would need information from those customers that are seeing issues:

What ISP / provider, preferably their AS number?
The AS number can be found here:

https://1.1.1.1/help
→ AS Number
https://bgp.tools/
→ The AS number shown under “You are connecting from” like this: “Cloudflare, Inc. (AS13335)”
https://bgp.he.net/
→ The AS number shown like this: “Your ISP is AS13335 (Cloudflare, Inc.)”

What country (and preferably state/region)?

This information (especially the AS number) would be essential for Cloudflare (and/or any other network) in order to be able to dig further in to such issues.

Although it does not appear country specific, it could still be related to a specific ISP’s network in certain countries, regions or cities, which is why all such kind of information is necessary to troubleshoot.

yigit2 · March 1, 2024, 6:52pm

Update: I solved the issue by upgrading to Argo Smart Routing. This led to a change in the IP addresses.

I will continue investigating the issue.

The country is Spain. Many people reported from other parts of the world as well. One example is Colombia.
The AS number is:

TELEFONICA DE ESPANA S.A.U. (AS3352)

DarkDeviL · March 1, 2024, 7:12pm

Running a traceroute to this specific IPv4 address from AS3352 in Andalusia, Spain, the traceroute ends at the hop with the IPv4 address 81.46.0.229 (229.red-81-46-0.customer.static.ccgg.telefonica.net), which is still within AS3352 / TELEFONICA DE ESPANA S.A.U.

This would normally suggest that AS3352 / TELEFONICA DE ESPANA S.A.U. is blocking access to this specific IP address.

AS3352 / TELEFONICA DE ESPANA S.A.U. could maybe have received one or some court orders, requesting them to block access to certain websites, where AS3352 / TELEFONICA DE ESPANA S.A.U. then took the bad decision to look up the IP address for the relevant domain(s), and started the blocking based on the IP address(es) the domain(s) had at the time being.

Such blocking by IP address will unfortunately give (sometimes severe) consequences with most CDN / hosting providers out there, as they will end up on blocking a lot of innocent websites as well.

yigit2 · March 1, 2024, 8:50pm

Thank you very much @DarkDeviL and @sjr. I wish there was an easy way to report this situation and change IP addresses of the proxy servers.

system · March 7, 2024, 1:36pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.

PleaseRate · March 7, 2024, 1:36pm

Hi @yigit2, your topic has a solution here.

Let us know what you think of the solution by logging in and give it a or .

Solutions help the person that asked the question and anyone else that sees the answer later. Login to tell us what you think of the solution with a or .

Topic		Replies	Views
Issue with DNS Proxy Preventing Site from Loading on Certain Networks DNS & Network	2	16	February 25, 2025
The site is not working after adding cloudflare! DNS & Network ISPBlock	24	4465	October 19, 2022
Some people can't connect to our website, DNS seems to change for some and point to nothing DNS & Network	11	2518	June 16, 2021
My site sometimes it doesn't load on my country. Cloudflare IP´s are being blocked by ISP DNS & Network	9	2384	March 10, 2022
Site not loads (timeout) when using cloudflare proxy DNS & Network CloudflareTunnel	4	3264	August 12, 2022

My site does not work on some ISPs and it is not related to DNS

Related topics