blocked.domain.gstatic.com - Where could this blocking be?

ping google routing windows-server-2012-r2

As of this morning we were having serious issues (partially loaded site with no functionality) accessing Google Drive which we use heavily. Other websites seemed to work fine. This is happening on ALL networked machines which are Windows 7 Pro machines connected to a Windows 2012 R2 server which gets its internet from a Dlink DSR1000n.

After some troubleshooting, I noticed that many assets on Google Drive were failing to load from ssl.gstatic.com. When pinging ssl.gstatic.com I am getting:

~ ping ssl.gstatic.com
PING blocked.domain.gstatic.com (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.044 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.074 ms
^C
— blocked.domain.gstatic.com ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.044/0.059/0.074/0.015 ms

Notice how it's changing to blocked.domain.gstatic.com and returning localhost.

I checked our firewalls & Trendmicro anti-virus on our router, server and machines. There are NO blocked domains. I also checked for any other kind of blocking service and found nothing. hosts file is clear.

Finally, I disconnected the network from our primary ISP so that the router would failover to the secondary ISP.

This solved the issue but the primary ISP (who is useless) is saying it's not them.

Any insight would be great as I am stumped!

Update 27.10.2014

The DNS server points to our local Windows 2012 R2 machine. The resolvers are:

  • 139.130.4.4 (uneeda.telstra.net)
  • 8.8.8.8 (google-public-dns-a.google.com)

A reverse lookup (ping -a 127.0.0.1) just returns the machine its ran from.


Solution 1:

If I recall correctly, having a google address resolve to a CNAME (alias) to blocked.domain.gstatic.com is an indication that google is temporarily cutting you off, either for policy violation or as part of protecting themselves from collateral attack (if someone is using them to attack something on your netblock or using something on your netblock to attack them). Failing over to the other provider made your traffic come from a different source IP and as such, no longer subject to the block.

It's been a while since I last spoke to any of my dudes at google, so this is mostly conjecture.

Related

What is the proper way to prevent an Ansible playbook from updating a config file after it has been updated
RAM configuration for Dell PE2950
Is there a Windows 10 equivalent of Apple Configurator for MacOS and iOS?
Is it possible to install Kubernetes manually in my existing GCP VM instance? [closed]
Dell 2950 Disk Partition Format System Install [closed]
How does SAN provides block access to data?
Exchange 2010 Archive to PST
Risks and mitigation when getting a used iPhone
iPadOS Where has Find Friends gone?
Notifications from Apple on MacBook air
Unable to switch input sources after updating macOS to 10.14.6
How to get write access to High Sierra (APFS) drive in Read-Only mode on Macbook with faulty AMD GPU