DNS resolves wrong IP address in one country

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
3
down vote

favorite












One of my friend has an eLearning website based on Claroline. Two days ago, only Switzerland users started to get redirect "randomly" on another IP address when accessing the website domain.



If I force the DNS server to 8.8.8.8 or 9.9.9.9 on the students' PC, the domain is resolved correctly. But if I stay with the local Swiss DNS Server, it resolves to a bad (blacklisted) IP address.



The strange part is: It's not only this one customer and his own computer. Every student based in Switzerland is affected as well. But not French ones.



The second strange part is: Some page responds from this false IP address with the correct content. Like the eLearning was duplicated on another server OR cached somewhere.



The server is an old Ubuntu 10.04.4 LTS, and it is probably not correctly protected / configured. I have full access on this server, but I didn't manage it, so I'm not sure what to look for or even what to do.



Here is what I looked at/ tried so far:



  • Checked all Apache 2 vhost conf.

  • Checked iptables (empty) and /etc/hosts and /etc/resolv.conf (safe)

  • Asked Swisscom (main Swiss telecom) if they blacklisted the domain or something: Nope
    Checked claroline code base: it look safe, but it's huge. I can't check all files.

Here is a nslookup on one of the student Windows computers:



C:WINDOWSsystem32>nslookup
Serveur par défaut : UnKnown
Address: fe80::8e59:c3ff:fecf:8d9b

> elearning.affis.ch
Serveur : UnKnown
Address: fe80::8e59:c3ff:fecf:8d9b

Réponse ne faisant pas autorité :
Nom : elearning.affis.ch
Address: 195.186.210.161


And of course, 195.186.210.161 is not the correct IP address of the server.



I'm not a system administrator. I'm just helping a friend, so I'm not sure on what to look next.






domain-name-system







share|improve this question









New contributor




iizno is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.



















  • Perhaps it's possible the ISP of those students are attempting to perform some smart caching and so are interfering with the DNS. Are they all at the same university for example? If you utilise HTTPS for your server, then they can still modify the DNS, but the end user would see a certificate error if the DNS result is pointing to a server other than your own as they would not be in possession of the private key.
    – David Goate
    5 hours ago











  • Also, are you sure the IP address of the server is static? For example if frequently changing or recently changed within the TTL of the DNS record then it's possible that the DNS is being resolved to an old (once valid IP) - although that wouldn't perfectly explain why they do see mirrored content. If you use a tool such as mxtoolbox.com/DNSLookup.aspx you might be able to see the TTL of the A record or CNAME record attached to the domain.
    – David Goate
    5 hours ago










  • @DavidGoate That's the fun part, students are at home, all over France and Switzerland. The French one doesn't have any problem.
    – iizno
    5 hours ago










  • @DavidGoate Server IP is fix and never changed. dnschecker.org/#A/elearning.affis.ch doesn't show any errors.
    – iizno
    5 hours ago










  • Hi, another thing that can happen, as I seen some error like that in the past, it can be a badly maintained DNS server by the ISP. I seen DNS zone that was transfered but never erased at the ISP level, thus leading to strange error.
    – yagmoth555♦
    5 hours ago














up vote
3
down vote

favorite












One of my friend has an eLearning website based on Claroline. Two days ago, only Switzerland users started to get redirect "randomly" on another IP address when accessing the website domain.



If I force the DNS server to 8.8.8.8 or 9.9.9.9 on the students' PC, the domain is resolved correctly. But if I stay with the local Swiss DNS Server, it resolves to a bad (blacklisted) IP address.



The strange part is: It's not only this one customer and his own computer. Every student based in Switzerland is affected as well. But not French ones.



The second strange part is: Some page responds from this false IP address with the correct content. Like the eLearning was duplicated on another server OR cached somewhere.



The server is an old Ubuntu 10.04.4 LTS, and it is probably not correctly protected / configured. I have full access on this server, but I didn't manage it, so I'm not sure what to look for or even what to do.



Here is what I looked at/ tried so far:



  • Checked all Apache 2 vhost conf.

  • Checked iptables (empty) and /etc/hosts and /etc/resolv.conf (safe)

  • Asked Swisscom (main Swiss telecom) if they blacklisted the domain or something: Nope
    Checked claroline code base: it look safe, but it's huge. I can't check all files.

Here is a nslookup on one of the student Windows computers:



C:WINDOWSsystem32>nslookup
Serveur par défaut : UnKnown
Address: fe80::8e59:c3ff:fecf:8d9b

> elearning.affis.ch
Serveur : UnKnown
Address: fe80::8e59:c3ff:fecf:8d9b

Réponse ne faisant pas autorité :
Nom : elearning.affis.ch
Address: 195.186.210.161


And of course, 195.186.210.161 is not the correct IP address of the server.



I'm not a system administrator. I'm just helping a friend, so I'm not sure on what to look next.






domain-name-system







share|improve this question









New contributor




iizno is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.



















  • Perhaps it's possible the ISP of those students are attempting to perform some smart caching and so are interfering with the DNS. Are they all at the same university for example? If you utilise HTTPS for your server, then they can still modify the DNS, but the end user would see a certificate error if the DNS result is pointing to a server other than your own as they would not be in possession of the private key.
    – David Goate
    5 hours ago











  • Also, are you sure the IP address of the server is static? For example if frequently changing or recently changed within the TTL of the DNS record then it's possible that the DNS is being resolved to an old (once valid IP) - although that wouldn't perfectly explain why they do see mirrored content. If you use a tool such as mxtoolbox.com/DNSLookup.aspx you might be able to see the TTL of the A record or CNAME record attached to the domain.
    – David Goate
    5 hours ago










  • @DavidGoate That's the fun part, students are at home, all over France and Switzerland. The French one doesn't have any problem.
    – iizno
    5 hours ago










  • @DavidGoate Server IP is fix and never changed. dnschecker.org/#A/elearning.affis.ch doesn't show any errors.
    – iizno
    5 hours ago










  • Hi, another thing that can happen, as I seen some error like that in the past, it can be a badly maintained DNS server by the ISP. I seen DNS zone that was transfered but never erased at the ISP level, thus leading to strange error.
    – yagmoth555♦
    5 hours ago












up vote
3
down vote

favorite









up vote
3
down vote

favorite











One of my friend has an eLearning website based on Claroline. Two days ago, only Switzerland users started to get redirect "randomly" on another IP address when accessing the website domain.



If I force the DNS server to 8.8.8.8 or 9.9.9.9 on the students' PC, the domain is resolved correctly. But if I stay with the local Swiss DNS Server, it resolves to a bad (blacklisted) IP address.



The strange part is: It's not only this one customer and his own computer. Every student based in Switzerland is affected as well. But not French ones.



The second strange part is: Some page responds from this false IP address with the correct content. Like the eLearning was duplicated on another server OR cached somewhere.



The server is an old Ubuntu 10.04.4 LTS, and it is probably not correctly protected / configured. I have full access on this server, but I didn't manage it, so I'm not sure what to look for or even what to do.



Here is what I looked at/ tried so far:



  • Checked all Apache 2 vhost conf.

  • Checked iptables (empty) and /etc/hosts and /etc/resolv.conf (safe)

  • Asked Swisscom (main Swiss telecom) if they blacklisted the domain or something: Nope
    Checked claroline code base: it look safe, but it's huge. I can't check all files.

Here is a nslookup on one of the student Windows computers:



C:WINDOWSsystem32>nslookup
Serveur par défaut : UnKnown
Address: fe80::8e59:c3ff:fecf:8d9b

> elearning.affis.ch
Serveur : UnKnown
Address: fe80::8e59:c3ff:fecf:8d9b

Réponse ne faisant pas autorité :
Nom : elearning.affis.ch
Address: 195.186.210.161


And of course, 195.186.210.161 is not the correct IP address of the server.



I'm not a system administrator. I'm just helping a friend, so I'm not sure on what to look next.






domain-name-system







share|improve this question









New contributor




iizno is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











One of my friend has an eLearning website based on Claroline. Two days ago, only Switzerland users started to get redirect "randomly" on another IP address when accessing the website domain.



If I force the DNS server to 8.8.8.8 or 9.9.9.9 on the students' PC, the domain is resolved correctly. But if I stay with the local Swiss DNS Server, it resolves to a bad (blacklisted) IP address.



The strange part is: It's not only this one customer and his own computer. Every student based in Switzerland is affected as well. But not French ones.



The second strange part is: Some page responds from this false IP address with the correct content. Like the eLearning was duplicated on another server OR cached somewhere.



The server is an old Ubuntu 10.04.4 LTS, and it is probably not correctly protected / configured. I have full access on this server, but I didn't manage it, so I'm not sure what to look for or even what to do.



Here is what I looked at/ tried so far:



  • Checked all Apache 2 vhost conf.

  • Checked iptables (empty) and /etc/hosts and /etc/resolv.conf (safe)

  • Asked Swisscom (main Swiss telecom) if they blacklisted the domain or something: Nope
    Checked claroline code base: it look safe, but it's huge. I can't check all files.

Here is a nslookup on one of the student Windows computers:



C:WINDOWSsystem32>nslookup
Serveur par défaut : UnKnown
Address: fe80::8e59:c3ff:fecf:8d9b

> elearning.affis.ch
Serveur : UnKnown
Address: fe80::8e59:c3ff:fecf:8d9b

Réponse ne faisant pas autorité :
Nom : elearning.affis.ch
Address: 195.186.210.161


And of course, 195.186.210.161 is not the correct IP address of the server.



I'm not a system administrator. I'm just helping a friend, so I'm not sure on what to look next.






domain-name-system




domain-name-system






share|improve this question









New contributor




iizno is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




iizno is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited 11 mins ago









Peter Mortensen

2,09742124




2,09742124






New contributor




iizno is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 5 hours ago









iizno

1162




1162




New contributor




iizno is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





iizno is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






iizno is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











  • Perhaps it's possible the ISP of those students are attempting to perform some smart caching and so are interfering with the DNS. Are they all at the same university for example? If you utilise HTTPS for your server, then they can still modify the DNS, but the end user would see a certificate error if the DNS result is pointing to a server other than your own as they would not be in possession of the private key.
    – David Goate
    5 hours ago











  • Also, are you sure the IP address of the server is static? For example if frequently changing or recently changed within the TTL of the DNS record then it's possible that the DNS is being resolved to an old (once valid IP) - although that wouldn't perfectly explain why they do see mirrored content. If you use a tool such as mxtoolbox.com/DNSLookup.aspx you might be able to see the TTL of the A record or CNAME record attached to the domain.
    – David Goate
    5 hours ago










  • @DavidGoate That's the fun part, students are at home, all over France and Switzerland. The French one doesn't have any problem.
    – iizno
    5 hours ago










  • @DavidGoate Server IP is fix and never changed. dnschecker.org/#A/elearning.affis.ch doesn't show any errors.
    – iizno
    5 hours ago










  • Hi, another thing that can happen, as I seen some error like that in the past, it can be a badly maintained DNS server by the ISP. I seen DNS zone that was transfered but never erased at the ISP level, thus leading to strange error.
    – yagmoth555♦
    5 hours ago
















  • Perhaps it's possible the ISP of those students are attempting to perform some smart caching and so are interfering with the DNS. Are they all at the same university for example? If you utilise HTTPS for your server, then they can still modify the DNS, but the end user would see a certificate error if the DNS result is pointing to a server other than your own as they would not be in possession of the private key.
    – David Goate
    5 hours ago











  • Also, are you sure the IP address of the server is static? For example if frequently changing or recently changed within the TTL of the DNS record then it's possible that the DNS is being resolved to an old (once valid IP) - although that wouldn't perfectly explain why they do see mirrored content. If you use a tool such as mxtoolbox.com/DNSLookup.aspx you might be able to see the TTL of the A record or CNAME record attached to the domain.
    – David Goate
    5 hours ago










  • @DavidGoate That's the fun part, students are at home, all over France and Switzerland. The French one doesn't have any problem.
    – iizno
    5 hours ago










  • @DavidGoate Server IP is fix and never changed. dnschecker.org/#A/elearning.affis.ch doesn't show any errors.
    – iizno
    5 hours ago










  • Hi, another thing that can happen, as I seen some error like that in the past, it can be a badly maintained DNS server by the ISP. I seen DNS zone that was transfered but never erased at the ISP level, thus leading to strange error.
    – yagmoth555♦
    5 hours ago















Perhaps it's possible the ISP of those students are attempting to perform some smart caching and so are interfering with the DNS. Are they all at the same university for example? If you utilise HTTPS for your server, then they can still modify the DNS, but the end user would see a certificate error if the DNS result is pointing to a server other than your own as they would not be in possession of the private key.
– David Goate
5 hours ago





Perhaps it's possible the ISP of those students are attempting to perform some smart caching and so are interfering with the DNS. Are they all at the same university for example? If you utilise HTTPS for your server, then they can still modify the DNS, but the end user would see a certificate error if the DNS result is pointing to a server other than your own as they would not be in possession of the private key.
– David Goate
5 hours ago













Also, are you sure the IP address of the server is static? For example if frequently changing or recently changed within the TTL of the DNS record then it's possible that the DNS is being resolved to an old (once valid IP) - although that wouldn't perfectly explain why they do see mirrored content. If you use a tool such as mxtoolbox.com/DNSLookup.aspx you might be able to see the TTL of the A record or CNAME record attached to the domain.
– David Goate
5 hours ago




Also, are you sure the IP address of the server is static? For example if frequently changing or recently changed within the TTL of the DNS record then it's possible that the DNS is being resolved to an old (once valid IP) - although that wouldn't perfectly explain why they do see mirrored content. If you use a tool such as mxtoolbox.com/DNSLookup.aspx you might be able to see the TTL of the A record or CNAME record attached to the domain.
– David Goate
5 hours ago












@DavidGoate That's the fun part, students are at home, all over France and Switzerland. The French one doesn't have any problem.
– iizno
5 hours ago




@DavidGoate That's the fun part, students are at home, all over France and Switzerland. The French one doesn't have any problem.
– iizno
5 hours ago












@DavidGoate Server IP is fix and never changed. dnschecker.org/#A/elearning.affis.ch doesn't show any errors.
– iizno
5 hours ago




@DavidGoate Server IP is fix and never changed. dnschecker.org/#A/elearning.affis.ch doesn't show any errors.
– iizno
5 hours ago












Hi, another thing that can happen, as I seen some error like that in the past, it can be a badly maintained DNS server by the ISP. I seen DNS zone that was transfered but never erased at the ISP level, thus leading to strange error.
– yagmoth555♦
5 hours ago




Hi, another thing that can happen, as I seen some error like that in the past, it can be a badly maintained DNS server by the ISP. I seen DNS zone that was transfered but never erased at the ISP level, thus leading to strange error.
– yagmoth555♦
5 hours ago










1 Answer
1






active

oldest

votes

















up vote
7
down vote













If you point a browser at the IP address returned, http://195.186.210.161/, you get Swisscom's "dangerous website blocked" message. My guess is that their "safe internet" content-blocking system works, at least in part, by lying in response to DNS requests, and that your website is falling foul of them, for some reason.



I understand that you asked them if they were blocking you, but in my experience even medium-sized ISPs' front-line tech support don't have the slightest idea what's going on out back. It's quite possible that the whole nanny system is outsourced (or done by a third-party commercial product) and that nobody at Swisscom has any idea which sites are blocked at any given time. Asking your student if (s)he has any kind of "nanny internet" settings on may be more productive.



At the end of the day, this may not be a problem you can solve, since you're not that ISP's customer, and they owe you nothing. Having the student's parent call their ISP support, complain loudly about wrong DNS resolution, and threaten to change ISP if it's not resolved, is likely to be the only thing that has any effect.



Edit: this thread suggests that Swisscom's site blocking engine can be a bit over-enthusiastic, and that it's not always easy to get any kind of positive resolution from them. It also suggests that this isn't an opt-in filter, but that it applies to all Swisscom customers whether they like it or not, so opting out of it may prove to be difficult.






share|improve this answer






















  • That's why I think too but, why are some pages displaying the correct content and other just timed out. ? It's like they duplicate some pages.
    – iizno
    5 hours ago






  • 4




    We don't know what they're using, so we can't know how it works. Maybe the first-line decision is taken at DNS resolution time, but the system at 195.186.201.161 implements a second-line decision based on what URL is requested, proxying through to the real server if and only if it decide the content is "safe". Once people start trying to bend internet protocols in pursuit of some (unattainable) vision of a "safe" internet, nearly anything can go wrong.
    – MadHatter
    5 hours ago










  • It seems like a problem that could be solved with a lawyer in the right jurisdiction...
    – R..
    3 hours ago










  • Could a Competent Sysadmin freelance resolve this issue ?
    – iizno
    3 hours ago






  • 1




    If it is actually being proxied and scanned, forcing HTTPS could help (or hurt). The ISP would at least only have the choice of blocking the entire site or none at all rather than blocking some pages and not others. This may make things less confusing for users.
    – Joshua Dwire
    1 hour ago










Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);






iizno is a new contributor. Be nice, and check out our Code of Conduct.









 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f935025%2fdns-resolves-wrong-ip-address-in-one-country%23new-answer', 'question_page');

);

Post as a guest

















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
7
down vote













If you point a browser at the IP address returned, http://195.186.210.161/, you get Swisscom's "dangerous website blocked" message. My guess is that their "safe internet" content-blocking system works, at least in part, by lying in response to DNS requests, and that your website is falling foul of them, for some reason.



I understand that you asked them if they were blocking you, but in my experience even medium-sized ISPs' front-line tech support don't have the slightest idea what's going on out back. It's quite possible that the whole nanny system is outsourced (or done by a third-party commercial product) and that nobody at Swisscom has any idea which sites are blocked at any given time. Asking your student if (s)he has any kind of "nanny internet" settings on may be more productive.



At the end of the day, this may not be a problem you can solve, since you're not that ISP's customer, and they owe you nothing. Having the student's parent call their ISP support, complain loudly about wrong DNS resolution, and threaten to change ISP if it's not resolved, is likely to be the only thing that has any effect.



Edit: this thread suggests that Swisscom's site blocking engine can be a bit over-enthusiastic, and that it's not always easy to get any kind of positive resolution from them. It also suggests that this isn't an opt-in filter, but that it applies to all Swisscom customers whether they like it or not, so opting out of it may prove to be difficult.






share|improve this answer






















  • That's why I think too but, why are some pages displaying the correct content and other just timed out. ? It's like they duplicate some pages.
    – iizno
    5 hours ago






  • 4




    We don't know what they're using, so we can't know how it works. Maybe the first-line decision is taken at DNS resolution time, but the system at 195.186.201.161 implements a second-line decision based on what URL is requested, proxying through to the real server if and only if it decide the content is "safe". Once people start trying to bend internet protocols in pursuit of some (unattainable) vision of a "safe" internet, nearly anything can go wrong.
    – MadHatter
    5 hours ago










  • It seems like a problem that could be solved with a lawyer in the right jurisdiction...
    – R..
    3 hours ago










  • Could a Competent Sysadmin freelance resolve this issue ?
    – iizno
    3 hours ago






  • 1




    If it is actually being proxied and scanned, forcing HTTPS could help (or hurt). The ISP would at least only have the choice of blocking the entire site or none at all rather than blocking some pages and not others. This may make things less confusing for users.
    – Joshua Dwire
    1 hour ago














up vote
7
down vote













If you point a browser at the IP address returned, http://195.186.210.161/, you get Swisscom's "dangerous website blocked" message. My guess is that their "safe internet" content-blocking system works, at least in part, by lying in response to DNS requests, and that your website is falling foul of them, for some reason.



I understand that you asked them if they were blocking you, but in my experience even medium-sized ISPs' front-line tech support don't have the slightest idea what's going on out back. It's quite possible that the whole nanny system is outsourced (or done by a third-party commercial product) and that nobody at Swisscom has any idea which sites are blocked at any given time. Asking your student if (s)he has any kind of "nanny internet" settings on may be more productive.



At the end of the day, this may not be a problem you can solve, since you're not that ISP's customer, and they owe you nothing. Having the student's parent call their ISP support, complain loudly about wrong DNS resolution, and threaten to change ISP if it's not resolved, is likely to be the only thing that has any effect.



Edit: this thread suggests that Swisscom's site blocking engine can be a bit over-enthusiastic, and that it's not always easy to get any kind of positive resolution from them. It also suggests that this isn't an opt-in filter, but that it applies to all Swisscom customers whether they like it or not, so opting out of it may prove to be difficult.






share|improve this answer






















  • That's why I think too but, why are some pages displaying the correct content and other just timed out. ? It's like they duplicate some pages.
    – iizno
    5 hours ago






  • 4




    We don't know what they're using, so we can't know how it works. Maybe the first-line decision is taken at DNS resolution time, but the system at 195.186.201.161 implements a second-line decision based on what URL is requested, proxying through to the real server if and only if it decide the content is "safe". Once people start trying to bend internet protocols in pursuit of some (unattainable) vision of a "safe" internet, nearly anything can go wrong.
    – MadHatter
    5 hours ago










  • It seems like a problem that could be solved with a lawyer in the right jurisdiction...
    – R..
    3 hours ago










  • Could a Competent Sysadmin freelance resolve this issue ?
    – iizno
    3 hours ago






  • 1




    If it is actually being proxied and scanned, forcing HTTPS could help (or hurt). The ISP would at least only have the choice of blocking the entire site or none at all rather than blocking some pages and not others. This may make things less confusing for users.
    – Joshua Dwire
    1 hour ago












up vote
7
down vote










up vote
7
down vote









If you point a browser at the IP address returned, http://195.186.210.161/, you get Swisscom's "dangerous website blocked" message. My guess is that their "safe internet" content-blocking system works, at least in part, by lying in response to DNS requests, and that your website is falling foul of them, for some reason.



I understand that you asked them if they were blocking you, but in my experience even medium-sized ISPs' front-line tech support don't have the slightest idea what's going on out back. It's quite possible that the whole nanny system is outsourced (or done by a third-party commercial product) and that nobody at Swisscom has any idea which sites are blocked at any given time. Asking your student if (s)he has any kind of "nanny internet" settings on may be more productive.



At the end of the day, this may not be a problem you can solve, since you're not that ISP's customer, and they owe you nothing. Having the student's parent call their ISP support, complain loudly about wrong DNS resolution, and threaten to change ISP if it's not resolved, is likely to be the only thing that has any effect.



Edit: this thread suggests that Swisscom's site blocking engine can be a bit over-enthusiastic, and that it's not always easy to get any kind of positive resolution from them. It also suggests that this isn't an opt-in filter, but that it applies to all Swisscom customers whether they like it or not, so opting out of it may prove to be difficult.






share|improve this answer














If you point a browser at the IP address returned, http://195.186.210.161/, you get Swisscom's "dangerous website blocked" message. My guess is that their "safe internet" content-blocking system works, at least in part, by lying in response to DNS requests, and that your website is falling foul of them, for some reason.



I understand that you asked them if they were blocking you, but in my experience even medium-sized ISPs' front-line tech support don't have the slightest idea what's going on out back. It's quite possible that the whole nanny system is outsourced (or done by a third-party commercial product) and that nobody at Swisscom has any idea which sites are blocked at any given time. Asking your student if (s)he has any kind of "nanny internet" settings on may be more productive.



At the end of the day, this may not be a problem you can solve, since you're not that ISP's customer, and they owe you nothing. Having the student's parent call their ISP support, complain loudly about wrong DNS resolution, and threaten to change ISP if it's not resolved, is likely to be the only thing that has any effect.



Edit: this thread suggests that Swisscom's site blocking engine can be a bit over-enthusiastic, and that it's not always easy to get any kind of positive resolution from them. It also suggests that this isn't an opt-in filter, but that it applies to all Swisscom customers whether they like it or not, so opting out of it may prove to be difficult.







share|improve this answer














share|improve this answer



share|improve this answer








edited 1 hour ago

























answered 5 hours ago









MadHatter

68.4k11139203




68.4k11139203











  • That's why I think too but, why are some pages displaying the correct content and other just timed out. ? It's like they duplicate some pages.
    – iizno
    5 hours ago






  • 4




    We don't know what they're using, so we can't know how it works. Maybe the first-line decision is taken at DNS resolution time, but the system at 195.186.201.161 implements a second-line decision based on what URL is requested, proxying through to the real server if and only if it decide the content is "safe". Once people start trying to bend internet protocols in pursuit of some (unattainable) vision of a "safe" internet, nearly anything can go wrong.
    – MadHatter
    5 hours ago










  • It seems like a problem that could be solved with a lawyer in the right jurisdiction...
    – R..
    3 hours ago










  • Could a Competent Sysadmin freelance resolve this issue ?
    – iizno
    3 hours ago






  • 1




    If it is actually being proxied and scanned, forcing HTTPS could help (or hurt). The ISP would at least only have the choice of blocking the entire site or none at all rather than blocking some pages and not others. This may make things less confusing for users.
    – Joshua Dwire
    1 hour ago
















  • That's why I think too but, why are some pages displaying the correct content and other just timed out. ? It's like they duplicate some pages.
    – iizno
    5 hours ago






  • 4




    We don't know what they're using, so we can't know how it works. Maybe the first-line decision is taken at DNS resolution time, but the system at 195.186.201.161 implements a second-line decision based on what URL is requested, proxying through to the real server if and only if it decide the content is "safe". Once people start trying to bend internet protocols in pursuit of some (unattainable) vision of a "safe" internet, nearly anything can go wrong.
    – MadHatter
    5 hours ago










  • It seems like a problem that could be solved with a lawyer in the right jurisdiction...
    – R..
    3 hours ago










  • Could a Competent Sysadmin freelance resolve this issue ?
    – iizno
    3 hours ago






  • 1




    If it is actually being proxied and scanned, forcing HTTPS could help (or hurt). The ISP would at least only have the choice of blocking the entire site or none at all rather than blocking some pages and not others. This may make things less confusing for users.
    – Joshua Dwire
    1 hour ago















That's why I think too but, why are some pages displaying the correct content and other just timed out. ? It's like they duplicate some pages.
– iizno
5 hours ago




That's why I think too but, why are some pages displaying the correct content and other just timed out. ? It's like they duplicate some pages.
– iizno
5 hours ago




4




4




We don't know what they're using, so we can't know how it works. Maybe the first-line decision is taken at DNS resolution time, but the system at 195.186.201.161 implements a second-line decision based on what URL is requested, proxying through to the real server if and only if it decide the content is "safe". Once people start trying to bend internet protocols in pursuit of some (unattainable) vision of a "safe" internet, nearly anything can go wrong.
– MadHatter
5 hours ago




We don't know what they're using, so we can't know how it works. Maybe the first-line decision is taken at DNS resolution time, but the system at 195.186.201.161 implements a second-line decision based on what URL is requested, proxying through to the real server if and only if it decide the content is "safe". Once people start trying to bend internet protocols in pursuit of some (unattainable) vision of a "safe" internet, nearly anything can go wrong.
– MadHatter
5 hours ago












It seems like a problem that could be solved with a lawyer in the right jurisdiction...
– R..
3 hours ago




It seems like a problem that could be solved with a lawyer in the right jurisdiction...
– R..
3 hours ago












Could a Competent Sysadmin freelance resolve this issue ?
– iizno
3 hours ago




Could a Competent Sysadmin freelance resolve this issue ?
– iizno
3 hours ago




1




1




If it is actually being proxied and scanned, forcing HTTPS could help (or hurt). The ISP would at least only have the choice of blocking the entire site or none at all rather than blocking some pages and not others. This may make things less confusing for users.
– Joshua Dwire
1 hour ago




If it is actually being proxied and scanned, forcing HTTPS could help (or hurt). The ISP would at least only have the choice of blocking the entire site or none at all rather than blocking some pages and not others. This may make things less confusing for users.
– Joshua Dwire
1 hour ago










iizno is a new contributor. Be nice, and check out our Code of Conduct.









 

draft saved


draft discarded


















iizno is a new contributor. Be nice, and check out our Code of Conduct.












iizno is a new contributor. Be nice, and check out our Code of Conduct.











iizno is a new contributor. Be nice, and check out our Code of Conduct.













 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f935025%2fdns-resolves-wrong-ip-address-in-one-country%23new-answer', 'question_page');

);

Post as a guest
































































Comments

Post a Comment

Popular posts from this blog

Long meetings (6-7 hours a day): Being “babysat” by supervisor

Image
Clash Royale CLAN TAG #URR8PPP .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0; up vote 31 down vote favorite 4 I hold a PhD in mechanical engineering with a 7 year background in self-guided, self-paced research including 2 years as a graduate level course instructor and a subject matter expert for various engineering projects in a university setting in the United States. For the last 10-11 months, I am working in a research industry in France where my task is to debug C++ spaghetti code written over a period of several years by my current supervisor. It is a team of 2: just I and my supervisor. Diurnally, I am posed with a "bug of the day" to get out of this C++ code. My supervisor generally gives me about 15-30 minutes to solve it and then accosts me about whether or not the task is completed and then rinses and repeats this until the end of the day. Off-late, my supervisor has been holding 6-7 hour long "meetin
Read more

Is the Concept of Multiple Fantasy Races Scientifically Flawed? [closed]

Image
Clash Royale CLAN TAG #URR8PPP up vote 2 down vote favorite Many fantasy worlds have multiple humanoid species (elves, orcs, humans, etc) living in the same world, in addition to that, they often have the ability to interbreed. And I can't help but question their believability... fantasy-races reproduction interspecies-relations share | improve this question edited Aug 9 at 14:46 Michael Kjörling ♦ 21.1k 10 85 161 asked Aug 9 at 13:13 Chlodio 118 6 closed as unclear what you're asking by MichaelK, Gryphon, John, Vincent, Frostfyre Aug 9 at 15:25 Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question. 3 Stack Exchange exist to
Read more

Confectionery

Image
Prepared foods made with a lot of sugar or other cabohydrates "Sweetmeat" redirects here. For the racehorse, see Sweetmeat (horse). Not to be confused with Sweetbread. This Kransekake is a traditional Scandinavian baker's confection. Confectionery is the art of making confections , which are food items that are rich in sugar and carbohydrates. Exact definitions are difficult. [1] In general, though, confectionery is divided into two broad and somewhat overlapping categories, bakers' confections and sugar confections. [2] Bakers' confectionery, also called flour confections , includes principally sweet pastries, cakes, and similar baked goods. Sugar confectionery includes candies ( sweets in British English), candied nuts, chocolates, chewing gum, bubble gum, pastillage, and other confections that are made primarily of sugar. In some cases, chocolate confections (confections made of chocolate) are treated as a separate category, as are sugar-free versions of
Read more