Can't access apple.com webservers, App Store, nor Software Update

macos mac-appstore dns

Solution 1:

Given that you've already checked your DNS and /etc/hosts and flushed the DNS cache using dscacheutil -flushcache it is quite possible you have malware on your machine. You have re-installed Lion which should take care of any file corruption issues, but may not remove malware if you recovered your user files from a backup. Double-check your network settings to ensure you are not using any proxies, but other than that, malware seems the most likely culprit.

EDIT: It seems dscacheutil -flushcache no longer works to flush the DNS cache. Before we flush the cache the new way, let's take a look at it. Run:

sudo killall -INFO mDNSResponder

and then look at the system.log file. You can view it in the Console app under Files or you can view it in the terminal with less /var/log/system.log. Either way, mDNSResponder dumps a lot of information into the system.log as a result of that command, which should help pinpoint the problem. Search for "apple.com" in the results and see what you come up with. Then try 

sudo killall -HUP mDNSResponder

to actually flush the cache and try ping www.apple.com again.

You have tried dig www.apple.com which correctly resolved to e3191.c.akamaiedge.net which is a CDN domain that will have different IP addresses depending on where you connect to the internet. Try nslookup www.apple.com and you should get the same thing, e.g.

user$ nslookup www.apple.com
Server:     8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
www.apple.com   canonical name = www.isg-apple.com.akadns.net.
www.isg-apple.com.akadns.net    canonical name = www.apple.com.edgekey.net.
www.apple.com.edgekey.net   canonical name = e3191.c.akamaiedge.net.
Name:   e3191.c.akamaiedge.net
Address: 23.11.77.15

So you should be able to ping www.apple.com, e3191.c.akamaiedge.net, and 23.11.77.15 (or whatever IP address you get from dig). (While it is true that many servers do not respond to ping requests, this server does respond and your problem isn't that you cannot get a response anyway, it's that you cannot resolve the domain name.) If you can ping some but not all, then you probably have a malware problem.

There were a bunch of trojans circulating as video codecs that messed with DNS. I suggest getting a reputable malware scanner and checking your system.

Solution 2:

There are two things I would try in this situation:

  1. Flush the DNS cache. This can be accomplished by running the command dscacheutil -flushcache. After running this command, attempt to run the dig and ping commands again. If they return the expected results, you should be good to go.

  2. Verify valid and responding DNS servers are responding to DNS queries. Open System Preferences -> Network. Unlock the lock icon in the lower left corner if it is locked. Select the network interface you are currently using from the left column and click the Advanced button. Click the DNS tab.

    Typically in the DNS tab, you will want to go with what ever is recommended by your ISP. If everything appears OK, consider swapping out the server addresses with one or more of the addresses from the list below:

    Google DNS

    8.8.8.8

    8.8.4.4

    OpenDNS (Not recommended if the device hosts an email Server)

    208.67.222.222

    208.67.220.220

Edit to add the following:

Another possible solution: Have you power cycled the networking equipment between your computer and your network connection? I have encountered inconsistent DNS lookups couple times with my Airport. Power cycling has resolved the troubles in at least one of those situations.

Solution 3:

You generally cannot ping large servers so I would be focusing on traceroute instead of ping since your DNS appears to be resolving the Apple servers correctly. Or you could simply telnet to the http/https ports to see that a connection is made.

telnet www.apple.com 80

Since Apple is deploying more and more update files on a Content Delivery Network (CDN), the server I get will rarely be the same server you get for a download since the CDN spreads files out geographically or based on network connectivity. Not only is internet routing fickle and changeable from moment to moment, these CDN change hosts from day to day and even sometimes moment to moment.

Currently, Akamai is serving many Apple web sites and content. The updates (app store and traditional Lion and earlier SU server) but these two IP addresses from Apple seem to be related to the critical startup process of Software Updates and the App Store Update process on Lion before it shifts to the CDN.

  • 17.146.232.12 - server in San Jose, CA that answers as part of Software Updates
  • 17.172.192.35 - server in Maiden, NC that answers as part of App Store Updates

You could traceroute to those addresses to make sure your network has connectivity to them. Instead of ping since neither of these answer that traffic, you could insted use telnet to attempt a connection over the https port which they use for update traffic.

telnet 17.172.192.35 443

Good luck picking apart the issue that is preventing your updates. It's probably not DNS from the looks of things, but stranger things have happened than to rule that out with the data at hand.

If the ping errors at the end of your question persist, you can use nslookup to try alternate DNS to see if it's really your DNS reporting bad addresses.

mac:~ me$ nslookup
> server 8.8.8.8
Default server: 8.8.8.8
Address: 8.8.8.8#53
> apple.com
Server:     8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
Name:   apple.com
Address: 17.172.224.47
Name:   apple.com
Address: 17.149.160.49
> www.apple.com
Server:     8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
www.apple.com   canonical name = www.isg-apple.com.akadns.net.
www.isg-apple.com.akadns.net    canonical name = www.apple.com.edgekey.net.
www.apple.com.edgekey.net   canonical name = e3191.c.akamaiedge.net.
Name:   e3191.c.akamaiedge.net
Address: 23.60.173.15
> server 208.67.222.222
Default server: 208.67.222.222
Address: 208.67.222.222#53
> www.apple.com
Server:     208.67.222.222
Address:    208.67.222.222#53

Non-authoritative answer:
www.apple.com   canonical name = www.isg-apple.com.akadns.net.
www.isg-apple.com.akadns.net    canonical name = www.apple.com.edgekey.net.
www.apple.com.edgekey.net   canonical name = e3191.c.akamaiedge.net.
Name:   e3191.c.akamaiedge.net
Address: 23.1.141.15

Related

How to make external disks reappear on desktop in Mountain Lion?
What terminal commands are new or updated in Mountain Lion?
How to upgrade hard drive in Mac Mini
MySQL not working on mountain lion
Mac terminal command: how to 'ls' for some specific files?
Why does my battery drop with 1% within a minute after removing the charger?
Use 256GB USB Thumb Drive as main boot drive
Google Drive doesn't appear on my Finder
Is iTunes able to play H.265?
Messages.app (Mac) does not play sound when message received
Where does "spinning in his grave" come from?
'Investigation of' or 'Investigation into'?