Some Websites Unreachable While Others Work

Intermediate Connectivity

A subset of websites or services is completely unreachable while the majority of internet traffic functions normally. This selective failure pattern rules out a total internet outage and instead points to routing issues, DNS misconfiguration, firewall rules, ISP filtering, or IP reputation blocks affecting only certain destinations.

Symptoms

  • Specific domains return 'ERR_CONNECTION_TIMED_OUT' or 'ERR_CONNECTION_REFUSED' while others load normally
  • Ping to the affected site's IP succeeds but TCP connections (port 80/443) are blocked
  • The same site loads correctly when using a VPN or different DNS server
  • curl or wget to the affected URL hangs indefinitely at the connection stage
  • traceroute to the affected IP shows packets stopping at a specific router hop
  • The issue is consistent across all devices on the network, not just one device

Possible Root Causes

  • ISP-level DNS filtering or content blocking returning NXDOMAIN for specific domains
  • Asymmetric routing causing return traffic from the destination to take a different path that is blocked
  • The destination IP range is listed in a local firewall blocklist or security appliance rule
  • BGP route withdrawal at an upstream ISP causing specific IP prefixes to become unreachable
  • The affected site's CDN or hosting provider has blocked traffic from your ISP's IP range due to abuse

Diagnosis Steps

Step 1: Determine if it's DNS or routing

# First, resolve the domain to an IP address
dig google.com           # compare with:
dig @8.8.8.8 google.com  # using a different DNS server

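# If the IPs differ significantly or one lookup fails, it's a DNS issue
# (CDN-hosted sites can legitimately return different IPs per resolver, so a failed
#  lookup or an address in an unrelated network is the stronger signal)
# If the IPs match but the connection still fails, it's a routing/firewall issue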

Step 2: Test connectivity to the resolved IP directly

# Get the IP from Step 1, then test connectivity
ping -c 4 142.250.80.46      # ping the IP directly

# Try opening an HTTP connection manually
curl -v --connect-timeout 10 http://142.250.80.46
curl -v --connect-timeout 10 https://142.250.80.46 --insecure

Step 3: Trace the network path to the affected destination

# Linux / macOS
traceroute -n 142.250.80.46
# or with TCP (avoids ICMP filtering)
traceroute -T -p 443 -n 142.250.80.46

# Windows
tracert -d 142.250.80.46

Look for the last hop that responds. If traffic stops at your ISP's router, the block is upstream.

Step 4: Test with an alternative DNS server

# Temporarily use a public DNS resolver to test
nslookup affected-site.com 1.1.1.1
nslookup affected-site.com 8.8.8.8
nslookup affected-site.com 9.9.9.9  # Quad9

# If the site loads after switching DNS, your current DNS server may be:
# - Returning incorrect/blocked results (NXDOMAIN for blocked domains)
# - Timing out for this particular domain

Step 5: Check for ISP-level filtering

# Compare path from your network vs. a different network
# Use an online tool to test from a different location:
# https://check-host.net or https://downforeveryoneorjustme.com

# Check if the site is blocked by your ISP using a traceroute:
# If the path terminates at an ISP-operated IP (check via whois), your ISP may be filtering

Step 6: Check local firewall rules

# Linux — check iptables for rules targeting the affected IP range
sudo iptables -L -n -v | grep -E "(DROP|REJECT)"

# macOS — check pf firewall rules
sudo pfctl -s rules

# Windows — check Windows Firewall
netsh advfirewall firewall show rule name=all

Step 7: Check the hosts file for overrides

# Linux / macOS
cat /etc/hosts

# Windows
type C:\Windows\System32\drivers\etc\hosts

Entries in the hosts file override DNS and can cause selective failures if an IP was manually overridden.
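
As an added example (not part of the original guide), the shell function below automates the Step 3 check: it reads traceroute -n output and reports the last hop that replied and whether that hop sits on the local network or upstream. The names last_hop and sample_trace and the sample addresses (documentation ranges) are constructed for illustration.

```bash
#!/bin/sh
# Added example: locate where a `traceroute -n` path stops (Step 3 / Step 5).

# last_hop TARGET_IP   (reads traceroute -n output on stdin)
# Prints one of:
#   reached hop=N          target answered; routing is not the problem
#   local hop=N ip=A       last reply came from private (RFC 1918) space
#   upstream hop=N ip=A    last reply came from any other address
#   inconclusive           no hop replied at all
last_hop() {
  awk -v target="$1" '
    function is_ip(s) { return s ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ }
    function scope(ip,   o) {
      split(ip, o, ".")
      if (o[1]+0 == 10) return "local"
      if (o[1]+0 == 172 && o[2]+0 >= 16 && o[2]+0 <= 31) return "local"
      if (o[1]+0 == 192 && o[2]+0 == 168) return "local"
      return "upstream"            # includes 100.64.0.0/10 carrier-grade NAT
    }
    $1 ~ /^[0-9]+$/ {              # hop lines start with the hop number
      for (i = 2; i <= NF; i++) if (is_ip($i)) {
        hop = $1; ip = $i          # remember the most recent replying router
        if (ip == target) { print "reached hop=" hop; done = 1; exit }
      }
    }
    END {
      if (done) exit
      if (ip == "") print "inconclusive"
      else print scope(ip) " hop=" hop " ip=" ip
    }'
}

# Constructed sample: replies stop after an ISP-side router (hop 3 shows two
# addresses, as traceroute prints when probes are load-balanced).
sample_trace() {
  cat <<'EOF'
traceroute to 198.51.100.7 (198.51.100.7), 30 hops max, 60 byte packets
 1  192.168.1.1  1.102 ms  0.981 ms  1.044 ms
 2  203.0.113.1  8.310 ms  8.122 ms  8.405 ms
 3  203.0.113.9  12.411 ms 203.0.113.10  12.130 ms  12.902 ms
 4  * * *
 5  * * *
EOF
}

sample_trace | last_hop 198.51.100.7   # upstream hop=3 ip=203.0.113.10
```

To run it against a live path, pipe the Step 3 command into it, passing the same IP as the argument. A local verdict beyond the first hop can still be the ISP, since some providers number access routers from private space; confirm ownership with whois as in Step 5.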

Solution

Solution A: Switch to a reliable public DNS server

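# Linux — edit /etc/resolv.conf (or use NetworkManager)
echo "nameserver 1.1.1.1" | sudo tee /etc/resolv.conf
# Append the second resolver with tee -a; a plain ">>" redirect would run without root and fail
echo "nameserver 8.8.8.8" | sudo tee -a /etc/resolv.conf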

# macOS (System Settings > Network > DNS)
# Add 1.1.1.1 and 8.8.8.8

# Windows
netsh interface ip set dns "Local Area Connection" static 1.1.1.1
netsh interface ip add dns "Local Area Connection" 8.8.8.8 index=2

Solution B: Bypass local routing with a static route

If a specific destination becomes unreachable due to a routing issue, add a static route:

# Linux — add a specific route for the affected IP block
sudo ip route add 142.250.0.0/16 via 192.168.1.1 dev eth0

# This forces traffic for that destination through a specific gateway

Solution C: Use DNS over HTTPS (DoH) to bypass DNS filtering

Enable DoH in Firefox: Settings > Network Settings > Enable DNS over HTTPS

Or configure systemd-resolved with DNS over TLS (DoT), the encrypted transport that its DNSOverTLS= setting enables:

# /etc/systemd/resolved.conf
[Resolve]
DNS=1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google
DNSOverTLS=yes

Solution D: Contact your ISP

If traceroute confirms the block is at your ISP's infrastructure, contact them with:

  • The specific domains/IPs affected
  • Your traceroute output showing where traffic stops
  • Timestamps of when the issue started

Prevention

  • Configure DNS over HTTPS (DoH) or DNS over TLS (DoT) on your router to prevent ISP DNS tampering
  • Subscribe to a reputable threat intelligence feed and audit your firewall blocklists regularly to remove stale entries
  • Use BGP monitoring services (e.g., BGPmon) to receive alerts when IP prefixes you depend on are withdrawn
  • Test critical business sites from multiple geographic vantage points using synthetic monitoring tools
  • Maintain relationships with your ISP's technical support team so routing issues can be escalated quickly
