Unable to ping DNS any external IP address after reformat and fresh installation of macOS Catalina

I have just completed a reformat and fresh installation of macOS Catalina (10.15.7) on my 2012 Macbook so it can be passed on. The Internet is not working, though.

An identical 2012 Macbook is working fine as are other machines on the same network, so we assume our Internet is OK. We have checked the network cable on the other 2012 Mac - it is working. The problem exists regardless of whether it is cabled or Wi-Fi. On the machine in question:

  • ifconfig returns an IP address and the correct gateway.
  • Other machines on the LAN can ping the problem machine.
  • All settings (other than appropriate MACs/IPs) are identical to the other 2012 Mac which is working ok.
  • The router/gateway IP can be pinged.
  • The external IP address provided by our ISP and as identified on the router/gateway can also be pinged.
  • Neither of the DNS addresses provided by our ISP can be pinged.
  • Neither of the Google DNS IPs can be pinged 8.8.8.8 or 8.8.4.4
  • Time and date are correct.
  • nslookup www.apple.com 8.8.8.8 times out with the response no servers could be reached. Local windows machine returns a result.
  • I have tried turning it on and off again.

UPDATE

  • Problem machine works fine on my phone hotspot.
  • It can reach the Router admin page.
  • Restarting the router doesn't help and firmware is up to date.
  • BUT unplugging the router does!

Solution 1:

I’ve been in your shoes and it’s so hard to go back to the basics. If a computer can open the web page of the local router or another computer on the internal network - fix your router (after powering it down completely and all network gear to get a fresh start) or find a new network to test is my advice.

  1. If you can ping a router but not past the router - that's a router problem.
  2. If you can reach http on the router or locally but not past the router, that's a router problem.
  3. Networking is fiddly and hard - try to use DHCP and flat settings and fix the network so client setup is automatic and easy.

But, since we love to test and fix - here's my playbook for working with cranky networks. (Or worse, machines all in odd states from people that were well intentioned, but ended up breaking the network settings or diverging from what is needed on a specific network).

  1. Make a new admin account and delete everything network related. All interfaces, all adapters, all settings. Put nothing in the keychain of the new account and delete all other accounts on the Mac.
  2. Set everything to DHCP or connect to a cell phone WiFi hotspot.
  3. Open Safari and browse to captive.apple.com
  4. Focus on http and not ping - ICMP traffic is heavily filtered and dropped from some networks.
  5. Don’t try to overcome the first error you get, but learn why it failed. You shouldn't need to override DNS or bypass the router - the problem is your router, not the OS.

Pretty much the only thing I would do is issue a reachable command from the command line.

scutil -r www.apple.com
scutil -r www.google.com

If the web doesn't work to basic properties, get a network that is appropriate for testing - you wouldn't have to carry all that water you tried to debug a new OS setup - something is very off on the network to need all that.