blocked.domain.gstatic.com - Where could this blocking be?
As of this morning we were having serious issues (partially loaded site with no functionality) accessing Google Drive which we use heavily. Other websites seemed to work fine. This is happening on ALL networked machines which are Windows 7 Pro machines connected to a Windows 2012 R2 server which gets its internet from a Dlink DSR1000n.
After some troubleshooting, I noticed that many assets on Google Drive were failing to load from ssl.gstatic.com. When pinging ssl.gstatic.com I am getting:
~ ping ssl.gstatic.com
PING blocked.domain.gstatic.com (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.044 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.074 ms
^C
— blocked.domain.gstatic.com ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.044/0.059/0.074/0.015 ms
Notice how it's changing to blocked.domain.gstatic.com and returning localhost.
I checked our firewalls & Trendmicro anti-virus on our router, server and machines. There are NO blocked domains. I also checked for any other kind of blocking service and found nothing. hosts file is clear.
Finally, I disconnected the network from our primary ISP so that the router would failover to the secondary ISP.
This solved the issue but the primary ISP (who is useless) is saying it's not them.
Any insight would be great as I am stumped!
Update 27.10.2014
The DNS server points to our local Windows 2012 R2 machine. The resolvers are:
- 139.130.4.4 (uneeda.telstra.net)
- 8.8.8.8 (google-public-dns-a.google.com)
A reverse lookup (ping -a 127.0.0.1) just returns the machine its ran from.
Solution 1:
If I recall correctly, having a google address resolve to a CNAME (alias) to blocked.domain.gstatic.com is an indication that google is temporarily cutting you off, either for policy violation or as part of protecting themselves from collateral attack (if someone is using them to attack something on your netblock or using something on your netblock to attack them). Failing over to the other provider made your traffic come from a different source IP and as such, no longer subject to the block.
It's been a while since I last spoke to any of my dudes at google, so this is mostly conjecture.