Skip to main content

How can we help you?

Search

help Knowledge Base
forum Community
checklist Release Notes
event Events

Connection failure error page

Minetta Gould
  • Updated

    In this article

If you're seeing a connection error page while browsing, this means DNSFilter cannot resolve the requested domain. 

This is not the same as policy Block Pages—which contain a blocked domain, the policy name that's performing the block, and often the blocked category—but instead indicate a misconfiguration or network issue. 

If you’re seeing this page, something is wrong. Please contact your DNS-Based content filtering provider for assistance

This is the Unknown Page error message. Typically end-users encounter this page for two reasons:

  • The DNSFilter configuration has insufficient IP address information
  • DNS traffic is blocked, filtered, or redirected by another security setting or ISP

Insufficient IP Addresses

If utilizing DNS Forwarding—Network Forwarding—DNS traffic must be able to communicate in our network. 

DNSFilter operates a closed DNS network.
Unlike Google and Cloudflare, we do not answer DNS traffic from unknown networks.

To resolve this issue, confirm all network IP addresses are added to the DNSFilter dashboard. This includes:

  • All primary external IP addresses
  • Secondary addresses on another ISP
  • Failover WAN links

DNS traffic interception

DNS traffic interception, or transparent proxying, can occur to any deployment setup where another security setting—e.g. network firewalls, security appliances, or endpoint protection software—stops DNS traffic from reaching DNSFilter. This often includes Satellite Internet Service Providers (ISPs) and Telecom providers (3g/4g/LTE). 

Troubleshooting Steps

Follow these steps to determine if another service is proxying DNS traffic.

Step one: Confirm IP addresses align

Confirm the IP address in the Network Site matches the public IP address of the device.

✍️ If only deploying Roaming Clients or DNS Relay, skip to step two. 

  1. Confirm the IP address by visiting Whatismyip.com (usually accurate) or enter this command into the device command prompt or terminal (higher accuracy): 
    nslookup myip.dnsfilter.com. 103.247.36.36

    This command echoes back your IP address

  2. Compare it to what is in the dashboard

  3. If the IP addresses do not align, correct the dashboard entry to resolve the issue

Continue to step two if the IP addresses align.

Step two: Verify the DNS server

Verify DNSFilter is resolving the network's DNS requests. From the device command prompt or terminal, enter this command:

nslookup myip.dnsfilter.com.

DNSFilter successfully responded to the query: The output will show the default DNSFilter server, dns1dnsfilter.com and respond to the query by listing the public IP address of the network that requested it.

ca443df-nslookup1.png__405_149__2021-05-12_16-33-26.png

DNSFilter did not resolve the query: The output will show a different server and include the message can't find myip.dnsfilter.com

c21fe9b-nslookup2.png__528_91__2021-05-12_16-34-22.png

This means that either:

  • DNSFilter was not configured as the default nameserver for this computer
  • Requests are being intercepted

Continue to step three to confirm the issue to resolve.

Step three: Pinpoint the issue

Continue with these troubleshooting steps to find the best resolution for the network environment.

  1. Confirm the network points to the DNSFilter Anycast IP addresses (103.247.36.36 and 103.247.37.37)
  2. Check all network security settings for conflicts
  3. Determine if transparent proxying by your ISP is taking place
Was this article helpful?
1 out of 4 found this helpful
Return to top

Comments

0 comments

Please sign in to leave a comment.