Cannot reach Akamai domains
pjmarz
Newbie

The Intro

Recently, I have been having issues reaching websites hosted on Akamai that just started a few weeks after switching to the Verizon G3100 router. I assume these are mutually exclusive but having FiOS for almost 4 years with no issues, this made me have my suspicions.

The Issue

Starting just over a week ago, attempting to reach any website that is hosted on Akamai yields me a variation of the page below:

e.g.: www.godaddy.com

error: https://imgur.com/a/qbtaw33

I tried running tracert on that website and got this result, which led me to believe it was an issue with Akamai (all tracert for the troubled domains return something like this). This included websites like AMEX, Synchrony Bank (for my Verizon Visa Card), Steam, EA, Costco, and more; any and everything hosted on Akamai. An example of a website that can be reached would be Facebook, and the tracert looks like this

This issue appears on every device that is connected to my G3100 router and does not appear on cellular, or my company issued work laptop (which uses a VPN).

Additionally, I have a raspberry pi running pi-hole as a router-wide ad blocker. I know what you're thinking, and trust me, it isn't the Pi. I have been running pi-hole for almost a year now with 0 issues at all (first on another router and now this one), but as a precaution, I turned it off and set my router to use the automatically obtained DNS from Verizon for a few days. Lo and behold, the issue was still present. 

The Story

I have factory reset and rebooted my router and ONT more times than I can count. I called Verizon FiOS support, where the first rep released and assigned a new public IP to my router, which temporarily fixed the issue until the next day.

I called back the next day, and the second rep did the same thing as well, confident it would fix the issue. I informed this rep of the Pi that I was running and from then on out he was CONVINCED it was the Pi. I informed him that I already troubleshot without it involved, but per his instructions, he released and assigned a new public IP and we tested it for a few days with no Pi involvement.

Less than 12 hours later, the issue was back. I called again and spoke to a third rep who tried the same remedy as before, and then passed on a ticket to the Network Operations team. I went into the weekend with no issues at all, assuming they fixed it, only to be surprised on Monday morning the issue had returned.

I called Verizon again and the fourth rep then informed me that this was not a Verizon issue, and they could not assist me further. They did reach back out to the Network team, and apparently, they were still working on it (unknown to me). She passed along some additional information, but the overall tone was I was up the creek without a paddle.

The Request

I am unsure where to turn to for further help at this point. I assume the new router and this issue are not related, so I am handling it as a network issue; one that Verizon has washed their hands of. Any and all recommendations for this would be more than appreciated! I am happy to provide any more information if needed to get to a permanent result. I am at my wits' end and can't handle having a rep refresh my IP once more before I break my monitor.

Thank you!

gs0b
Community Leader

The one-hop tracert results have nothing to do with the router. It's a problem with the way the Fios network handles ICMP pings, which is what Windows tracert uses. It basically "eats" them, and always returns two hops regardless of the actual path. The way around this is to use a traceroute command that supports UDP pings. Linux traceroute can do this, and you may be able to find alternative Windows tracert commands that support it as well, although they may have a small cost.

The tracert problem has been around for a while.  You can find posts about it here and on other sites.  I hope Verizon fixes it soon, but it's not up to me.
https://forums.verizon.com/t5/Fios-Internet/TraceRT-broken/td-p/896334

As for your issue, I can reach godaddy without issue.  I don't use a G3100, although I doubt that is the problem.  Perhaps one of the other users here who has a G3100 will comment.

I'm not surprised Verizon support washed their hands of your setup.  They are simply not equipped to support networks that have non-Verizon equipment such as a pi-hole.  They are laser focused on networks deployed in a typical way with Verizon equipment, as that's what most consumers will use.

To support a network like yours, that's where this forum may be able to help! As a starter, though, can you try testing without the pi-hole? That's a good debugging technique that will help determine if there is some odd interaction between the router and the pi-hole.

pjmarz
Newbie

My networking knowledge is limited, so I apologize if I misaddress a topic you mentioned or don't provide the right information you asked for:

Part of the troubleshooting I noticed I left out was with a Verizon rep who had me plug the Ethernet from my ONT directly to my PC and I still couldn't reach certain sites, effectively removing the router from the equation. As for your comment on my Pi, I believe I mentioned in my initial post that twice was the Pi taken out of the loop: once on my own and once again after the temporary remedy provided by the Verizon rep; both were ineffective as the issue was present regardless of if the Pi was involved or not.

Cang_Household
Community Leader

I just tried to load the websites you listed behind a G3100. They all work except the last one.

Have you changed your default DNS servers ever?

pjmarz
Newbie

Additionally, my Pi's upstream IPv4 DNS was previously set to Cloudflare's 1.1.1.1, and is currently set to Google's 8.8.8.8. The issue has occurred when either one was set under my Pi, as well as when the Pi was disabled and the router used the automatically obtained DNS from Verizon.

gs0b
Community Leader

More tests are always good, either to confirm behavior or to provide more data points.

If you have two computers you can plug directly into the ONT, that will help verify if the issue is repeatable or not. Make sure both computers are set to get DNS server settings from the DHCP response and don't have DNS settings fixed. If these are Windows machines, use nslookup to confirm the default server. If they both have the issue, that gives you two data points to share with Verizon support.

You could also try fixing the DNS server on one or more of your devices to see if that changes anything. I suggest you point to Google's, Cloudflare or OpenDNS. This will help determine if DNS has anything to do with this issue.

As you've noted, their front line support often doesn't understand this sort of issue. Try their social media support for your next engagement. They can be reached by tweeting @verizonsupport or posting on their Facebook page. They should be more helpful.


For another data point, I have OpenDNS configured as the DHCP server in my G1100.  All of my clients go to the router to get DNS, and all of the sites you listed are accessible.

pjmarz
Newbie

u/gs0b made a good catch that the Steam URL I provided was wrong; the correct one is https://store.steampowered.com/. However, that one does not load for me either.

Aside from setting the router DNS to my Pi, it would normally be set to the "obtain automatically" option that you'd see here. My initial post more or less confirmed with two separate tests that the issue occurs regardless of if the Pi is involved or not. 

Cang_Household
Community Leader

What exact domains are you trying to reach?

pjmarz
Newbie

Below are just some websites that I try to reach and receive a variation of that Access denied error:

The only pattern I've noticed is running a tracert on these and they all come back with "deploy.static.akamaitechnologies.com" somewhere in the final hop

gs0b
Community Leader

I can reach all of those domains.

Note the last one is really https://store.steampowered.com/.  The URL you typed is not valid.

Yes, I missed that you documented a test without the pi-hole in your OP.  It's good that you tested without it and reported the results.

If you are getting the same results with the PC directly connected to the ONT, that clearly removes the router from the equation.  Do you have other computers or devices you can test?  Is it possible there is a setting on the PC that is blocking certain sites?

If you test with multiple devices and they all have the issue, that would point to an issue in the local Verizon network. Especially if you have multiple devices you can connect to the ONT's Ethernet without the router.

pjmarz
Newbie

Good catch on the Steam URL, that is my mistake. The correct one that you included is indeed the one that I cannot reach.

I can confirm that I have this issue on every device that is wired or wirelessly connected to my G3100, and the one device I tested connected directly to the ONT. For example, on Wi-Fi I cannot load the Costco home page in its iOS app, nor the Steam store page in its iOS app; they both yield the same Access denied error I see in my web browser. However, these sites load perfectly fine on cellular from my mobile phone, or from another device connected to my phone's hotspot. 

I have not tested another device hardwired directly to the ONT, simply because I think the evidence we have gathered so far would deem it redundant. However, I can certainly try if you think it may yield a different result!
