On 2016/06/14 13:48, Chris Bennett wrote:
> On Tue, Jun 14, 2016 at 05:28:48PM +0000, Stuart Henderson wrote:
> > On 2016-06-14, Chris Bennett <chrisbenn...@bennettconstruction.us> wrote:
> > > They both work for me also, with dig @8.8.8.8, etc.
> > > Whois fails, lynx, elinks, firefox cannot connect outside
> > >
> > > Could this problem be because of my being behind the wifi NAT?
> > 
> > Compare the full output from resolving there with dig with the same
> > thing ssh'd to another host (or post it here so someone else can compare).
> > 
> 
> from OK server:
> 
> dig bsd.org @8.8.8.8 +trace

+trace means you're doing a (local resolver) lookup for subsequent hostnames.
Better to do a lookup of the name directly. This is what I see for that lookup,
compare the flags line too (should have 'ra' if querying a resolver, 'aa' if
querying an authoritative server).

$ dig bsd.org a @8.8.8.8

; <<>> DiG 9.4.2-P2 <<>> bsd.org a @8.8.8.8
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45967
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bsd.org.                       IN      A

;; ANSWER SECTION:
bsd.org.                21599   IN      A       192.231.225.11

;; Query time: 171 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jun 14 21:04:16 2016
;; MSG SIZE  rcvd: 41

Other things that might be of interest:

$ dig debug.opendns.com txt @208.67.222.222
- if the DNS lookup isn't intercepted, this gives an answer
section with *your* IP address and information about the
anycast node you connected to.

$ dig whoami.akamai.net a +short @208.67.222.222
$ dig whoami.akamai.net a +short @8.8.8.8
etc.
- this returns the address that queried Akamai's nameserver.
Look up that address and check it matches what you expect for
the nameserver you're using; if not, then there's some
interception going on, and if it's done badly then it may be
breaking lookups.

e.g.

$ dig whoami.akamai.net a +short @8.8.8.8 
74.125.47.140
$ whois -m 74.125.47.140
route:      74.125.47.0/24
descr:      Google
origin:     AS15169
notify:     radb-cont...@google.com
mnt-by:     MAINT-AS15169
changed:    radb-cont...@google.com 20150728
source:     RADB

If you can't find some other way to get things working then at least
you should be able to browse by "ssh -D 1080 somehost" and setting the
browser to use 127.0.0.1:1080 as SOCKS proxy, and tell it to have the
far end resolve DNS (in Firefox, tick the 'remote DNS' box).

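The two checks described in the message above (reading the flags line, and comparing the address returned for whoami.akamai.net with the prefix you expect the resolver to query from), as an added example that is not part of the original post. The function names are hypothetical, the second sample flags line is constructed, and 192.0.2.53 is a constructed documentation address; it works on saved output, so it runs offline.

```shell
#!/bin/sh
# Added example: offline checks on saved dig output. Function names are hypothetical.

# Samples: the first flags line is the one shown in the message above,
# the second is a constructed authoritative reply.
SAMPLE_RESOLVER=';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0'
SAMPLE_AUTH=';; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0'

# Print the flag words from the first ";; flags:" header line of dig output on stdin.
dig_flags() {
    sed -n 's/^;; flags: \([^;]*\);.*/\1/p' | head -n 1
}

# Classify who answered: 'aa' = authoritative answer, 'ra' = recursion available.
# 'aa' is tested first because a server can set both.
classify_answer() {
    flags=" $(dig_flags) "
    case "$flags" in
        *" aa "*) echo authoritative ;;
        *" ra "*) echo resolver ;;
        *)        echo unknown ;;
    esac
}

# Convert a dotted-quad IPv4 address to an integer. The body runs in a
# subshell, so the IFS and globbing changes do not leak to the caller.
ip_to_int() (
    set -f; IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeed if IPv4 address $1 lies inside CIDR prefix $2.
ip_in_cidr() {
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# Compare the address whoami.akamai.net reported ($1) with the prefix you
# expect the chosen resolver to query from ($2).
check_egress() {
    if ip_in_cidr "$1" "$2"; then echo expected; else echo possible-interception; fi
}

printf '%s\n' "$SAMPLE_RESOLVER" | classify_answer   # flags line from the message
check_egress 74.125.47.140 74.125.47.0/24            # address and route from the message
check_egress 192.0.2.53 74.125.47.0/24               # constructed mismatch
```

To use it on a live capture, save the output of the dig commands from the message to a file and pipe that file into classify_answer.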