[Solved] New config, now can't access website

RouterOS General
1

Hi all,

So after rebuilding my config and applying it to my unconfigured router, everything seems to be working fine, exept I can’t resolve one lone website: forums.debian.net.

I’ve tried using different browsers across two devices, and no luck.

My set-up is that I have 3x SSIDs. Home/Guest/IoT. The first two resolve to OpenDNS servers, while the IoT one resolves to Cloudflare DNS. I’ve tried connecting to the Home Network, and the IoT network on different devices but still with the same result.

So, the chances of the issue being with OpenDNS would be next to nothing.

I have got a friend to check from his network and that website resolves fine at his end. So, their server isn’t down.

It’s been down on my network for a few days now and may have co-insided with the new config. I’m not sure exactly. It’s not a website I frequent daily, but is useful when I need it.

I have no website blocker enabled on the router (well, none that I can see at least), so this seems very odd.

It doesn’t affect any other website I frequent, forum or otherwise (clearly I can access this site, for instance). I see nothing in logs. Not that I expected to, but checked anyway.

Where might I start looking?

Any help would be much appreciated.

Cheers.

2

Without a crystal ball, hard to tell ...

You may want to provide your config since that first line of your post already made it a suspect.

OT: as for OpenDNS not being a suspect, be careful with that statement.
Here in Belgium OpenDNS does NOT work anymore (already for some months) since they were convicted in court for not doing enough effort to block illegal streaming sites.
One day it simply stopped working and nobody was informed (apart from some specialized IT-related media, which is where I picked it up when researching possible reasons for the breakdown).

As for testing: you can already try 8.8.8.8 as well for DNS resolution.
If that also doesn't work, my first place to look would be config.

3

Nope, didn’t work either.

Interesting. Might be why it’s not blocking YT adds in Firefox? Brave has it’s own add blocker so works fine. Just as an aside, do you know if Cloudflare’s family DNS servers are better than OpenDNS?

Here’s the config…

hAPAX2.rsc (11.1 KB)

Thanks @holvoetn for your help so far.

4

I wouldn't say Cloudflare has been an example of stability the past months :rofl:
It has to be said though, when they goof up, they REALLY go all the way.

From your config:
can you disable those 2 lines in firewall NAT (I suppose you are forcing all DNS requests to OpenDNS with this)

add action=dst-nat chain=dstnat comment=OpenDNS-TCP dst-port=53 protocol=tcp \
    to-addresses=208.67.222.123 to-ports=53
add action=dst-nat chain=dstnat comment=OpenDNS-UDP dst-port=53 protocol=udp \
    to-addresses=208.67.222.123 to-ports=53

Then clear all firewall connections (or reboot)
and test again using all SSIDs.

5

disabled as requested, rebooted router and tested all 3 SSIDs, no change.

6

I tested forum.debian.net at the office and also I’m unable to resolve it. Also tested on my mobile phone connected to the 5G so no wireless connection is enabled and I get the same thing.

It seems that there is no problem with your configuration but with this website.

forum.debian.net
forum.debian.net600×1335 20.5 KB

7

Thanks @gigabyte091 , seems strange then that my friend can resolve it. But I’m happy now!

I was struggling how to see how it could be the config. And now I know.

Though the website should have has https://forum… Any chance of giving it another try please?

Much appreciated!

8

It's not forum it's forums.
https://forums.debian.net/

1 Like
9

Correct.
forumS does work
forum does not.

As for config: despite what you set for the various networks, you resolved always to OpenDNS with those 2 firewall rules. Maybe something to revisit as well.

10

Any other ideas?

11

Are you sure about that URL ?

I just checked with an online DNS resolve tester, red across the board all over the world.
Conclusion: that URL is not correct.

Maybe your friend has a local remapping in his DNS environment and you had it too in the past ?

12

Its possible. Even Brave search can’t seem to load it…

Screenshot_20251215_220801
Screenshot_20251215_220801296×121 7.65 KB

So maybe it’s a dead link now?

It didn’t come up with a correct one?

I’ve found another Debian forum, which loads fine under the Linux Questions URL. That’s been going quite a while it seems.

So, not the config then?

13

DNS Checker - DNS Check Propagation Tool.

You can use this site to see if it's a local or global DNS problem. As you can see forum.debian.net doesn't exist.

And here is the result for the correct forums.debian.net domain: DNS Checker - DNS Check Propagation Tool.

14

That's the one I used.

15

So, that looks good for the site but I note there are no dns servers listed for NZ, where I am.

16

You use OpenDNS ... yes ?

What NZ based DNS servers would there be then to use ?

17

Yes re opendns, but only for the Home and Guest SSID - not IoT which fails too.

But running that same test for NZ…

Screenshot_20251215_222414
Screenshot_20251215_222414475×265 22.9 KB

18

There you use Cloudflare. Yes ?
Based in ... ?

What are you trying to look for ?
People from various locations around the world indicate the url you provided does not work.
Why would it magically work from NZ then ?

Or is this something you set up (or someone else) recently ? In that case it can effectively take 48h before that info has been propagated across all servers.

19

I’ve tried to add a few DNS servers but all get refused.

When I ran the worldwide test, it came out all ticks -

Screenshot_20251215_223608
Screenshot_20251215_223608667×465 60.8 KB

Maybe I read this wrong, but if they all resolve, doesn’t that mean the site is good?

Screenshot_20251215_223853
Screenshot_20251215_223853466×603 45.9 KB

20

And now you use forumS.debian.net ....

again:
forum.debian.net -> no go
forums.debian.net -> Go.