Bizarre DNS Issue That's Driving Me Bananas!

[mando]

Hey y'all, I have a website that loads fine on mobile via wi-fi. However, when using mobile data, android users are greeted with "DNS_PROBE_FINISHED_NXDOMAIN" and iOS users with "Safari cant open page because server cant be found". After some research, I discovered that by changing the DNS on my mobile browser to either Google Public DNS or Cloudflare, I was able to access the site using mobile data.

This is obviously an issue as majority of people do not bother adjusting the DNS settings on their mobile browser. I tried moving the site over to a different hosting company, gave it 3-4 days, and still the same result. Hosting company has no answers.

Has anyone ever ran into this issue and found a solution?

 

[CCarter]

This happens when there is a misconfiguration of IP Addresses, usually within the server.

I tried moving the site over to a different hosting company,

Are you using a CDN of some sort? Moving hosting would solve the problem but clearly the problem moved with your site. So it sounds like your website's software is misconfigured somewhere. I suspect your website server/software think it's another server (IP Address wise).

Imagine my home address is 789 Ocean Drive, but when packages delivery guys come there, the doorman opens and says - no this is 787 - then closes the door, even though it the address physically says 789.

Internally your server thinks it is something else. That's what I imagine as least is happening.

Look at your nameserver settings, CNAME (i suspect this the most), and A records. Somewhere it's saying the wrong address - ip address or domain.

 

[mando]

Appreciate the feedback @CCarter. The site is currently hosted on Kinsta, they utilize Cloudflare CDN, and support recommended to give it another day or two and that the records are spot on. So, I'll wait and go from there.

 

[illmasterj]

1. Use https://dnschecker.org/ and see if any are slow to update. Sometimes it can be very slow.
2. If you're using CloudFlare, try disabling for (no caching) just to remove that variable
3. Clearing any cache known to man (browser cache)

In theory with what you've written it sounds as though the DNS change to your new hosting is cached aggressively at a certain ISP, so anyone accessing over mobile is getting the errors.
Your local wifi is a different connection/different cache if cached at all, which is why it's working fine even when using the same device.
It's just a hunch, but if you can get someone who uses a different mobile network to try it over data.

 

[mando]

Thanks @illmasterj. After running more tests, I found that the site doesn't load for any Verizon carrier no matter what state they live in. Hopefully this can be resolved asap. I'll let you guys know in case anyone ever runs into this issue.

 

[CCarter]

I found that the site doesn't load for any Verizon carrier no matter what state they live in.

You know I do remember running into an issue with certain mobile carrier customers. No one could load the site from ATT I believe.

I THINK it was due to some IPv6 stuff. Do you know if you have IPv6 setup by any chance? Try turning it off and seeing if that helps.

Edit: here are my notes from 7-10-2019:

Problem turned out to be AT&T attempting to connect with ipv6, but getting disconnected by nGINX then attempts to switch to ipv4. Solution is to remove the ipv6 version of the DNS on all servers that run nGINX, until a real solution can be found.​

So at some point people on ATT were attempting to go to a subdomain we had, api.serpwoo.com, that was using NGINX but could not connect. Turning off IPv6 temporarily solved the problem. I'm not sure if I ever followed up with it.

 

[mando]

IPv6 is turned off. I came across this reddit thread with someone experiencing the same Verizon issue:

https://www.reddit.com/r/verizon/comments/10nxlpp/my_website_wont_work_on_verizon_phones

Reaching out to Infoblox.

 

[CCarter]

IPv6 is turned off.

Have you tried it without CloudFlare?

Also if you switched hosting, wouldn't your IP Address change?

So it might be your domain is blacklists on spam database...

How long have you owned this domain and how did you acquire it?

Could be the previous owner was spamming malware according to the reddit thread.

 

[jelf]

You can supposedly query specific domain name servers with this tool:
https://manytools.org/network/query-dns-records-online/

And they have a list of specific DNS servers eg:
https://www.whatsmydns.net/dns/usa/verizon.html

I might add one of my domains didn't come up from verizon DNS server I tried. Could be the tool, could be I'm in Aus. There are other similar sites I'm sure.

 

[Jamaica0007]

You could also use a cheap domain name you are not using, make an identical copy of your site with identical DNS settings and see if the problem still occurs.

I would take the following steps in this order:

- Obtain a cheap or spare domain
- Upload a single page with one word on it with identical settings and hosting.
- If the problem occurs then reset the DNS to the most basic settings.
- If it still occurs then the problem has to be with the provider.

- If it does not occur then copy your site exactly as it is up to the spare domain.
- Check to see if the problem appears and if it does you know it is your content causing it.
- Reset the domain settings to identical settings
- Check to see if the problem appears and if it does the problem is the domain settings.

You could also try a different CDN like Netlify (free) just to test.
It could also be that you are setting things correctly on the DNS but the provider has a misconfiguration that is either ignoring your changes or wigging out in some way.

You could also try bypassing the DNS of your provider with something like DNS made easy or equivalent.

****Just read that reddit thread, I would definitely go with the site being either on a block list or spam list.

 

[mando]

The domain was purchased at auction 10 years ago and it's always been clean. Tried without cloudflare and it still wont load. Ran it through several spam and blacklist checkers and it's clean. Appreciate the recommendations from everyone.

 

[CCarter]

still wont load

Have you tested whether this happens on Apple iPhones or other Apple devices?

 

[mando]

Have you tested whether this happens on Apple iPhones or other Apple devices?

Yes, tested on android and iphones in different states. We've have been considering changing the brand name for some time now so this may be our final option. If we were to do the appropriate 301s to the new domain, do you believe the issue would carry over or no way to tell until it's executed?

 

[CCarter]

If we were to do the appropriate 301s to the new domain, do you believe the issue would carry over or no way to tell until it's executed?

If they cannot get to the website visitors cannot be 301ed, since that happens within the site's settings.

Honestly it sounds like Verizon is blocking that particular domain for whatever reason, could have been someone spoofing your domain for email spam if you didn't have SPF and Dmarc setup. They sent spam for Flashlights or something for 6 weeks to millions of people and burnt your domain within Verizon. That's my theory.

301 will redirect Google and others, except for Verizon people going through the old domain. You'll need to update as much web2.0 and social profiles out there.

Make sure you can visit the new domain on Verizon first though.

 

[BUS]

After some research, I discovered that by changing the DNS on my mobile browser to either Google Public DNS or Cloudflare, I was able to access the site using mobile data.

You found the crux of the issue already. If the DNS resolved, propagated and was accepted properly, it would have worked on any phone (with proper DNS servers backing it up).

Since it is only Verizon (based on a quick reading of your thread) that has issues, as the reddit thread you pointed to indicated, this could be Infoblox - did they respond? Can your host contact them?