Cannot Access www.usps.com using Chrome, Win10, Google DNS and Frontier FIOS

[adem...@gmail.com]

I have been unable to access www.usps.com.  This is the only address that has this problem.  Here is the result from a simple lookup-

Access Denied

You don't have permission to access "http://www.usps.com/" on this server.

Reference #18.4b81cb8.1462555338.1701a266

I get the same result from my Frontier FIOS desktop and my Verizon Wireless Android phone.  I'm using Chrome on both.

Next, here is a tracert to www.usps.com-

Microsoft Windows [Version 10.0.10586]

(c) 2015 Microsoft Corporation. All rights reserved.

C:\Users\******>tracert www.usps.com

Tracing route to e7154.dscb.akamaiedge.net [23.56.230.219]

over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  Wireless_Broadband_Router.home [192.168.1.1]

  2    27 ms    32 ms    11 ms  100.3.40.1

  3    12 ms     9 ms     9 ms  172.99.46.108

  4    11 ms    12 ms    12 ms  ae7---0.scr01.mias.fl.frontiernet.net [74.40.3.69]

  5    11 ms    12 ms    12 ms  ae0---0.cbr02.mias.fl.frontiernet.net [74.40.1.26]

  6    14 ms    13 ms    15 ms  12.247.217.9

  7    16 ms    17 ms    14 ms  12.123.6.34

  8    20 ms    19 ms    19 ms  12.123.34.161

  9    14 ms    14 ms    14 ms  12.120.37.206

 10    34 ms    19 ms    19 ms  12.120.128.64

 11    13 ms    14 ms    14 ms  a23-56-230-219.deploy.static.akamaitechnologies.com [23.56.230.219]

Trace complete.

C:\Users\******>

Here's the information from Google Public DNS - 

Result for www.usps.com/A with DNSSEC validation:

{
  "Status": 0,
  "TC": false,
  "RD": true,
  "RA": true,
  "AD": false,
  "CD": false,
  "Question": [
    {
      "name": "www.usps.com.",
      "type": 1
    }
  ],
  "Answer": [
    {
      "name": "www.usps.com.",
      "type": 5,
      "TTL": 1215,
      "data": "www.usps.com.edgekey.net."
    },
    {
      "name": "www.usps.com.edgekey.net.",
      "type": 5,
      "TTL": 176,
      "data": "e7154.dscb.akamaiedge.net."
    },
    {
      "name": "e7154.dscb.akamaiedge.net.",
      "type": 1,
      "TTL": 13,
      "data": "184.27.25.238"
    }
  ]
}

And, Here's the web record info from intoDNS - 

WWW		WWW A Record	Your www.usps.com A record is: www.usps.com -> www.usps.com.edgekey.net -> e7154.dscb.akamaiedge.net -> [ 104.103.104.12  ]  [Looks like you have CNAME's]
		IPs are public	OK. All of your WWW IPs appear to be public IPs.
		WWW CNAME	OK. You do have a CNAME record for www.usps.com.Your CNAME entry also returns the A record for the CNAME entry, which is good.

From here, it looks like Google DNS is working, but somewhere between edgekey.net and akamaiedge.net, my request is getting mishandled.

Does this indicate a DNS problem, or perhaps something at the other companies?

Thanks.

[yaju...@gmail.com]

try this  DNS Propagation Checker

[Alex Dupuy]

This seems to be a problem with the Akamai CDN - you're getting a wrong IP address - but unfortunately these kinds of things are very hard to resolve.  Tools like intoDNS are not really helpful here, as they are getting different answers than you are (propagation checkers will show you that every location gets a different answer).

There is no support channel for end-users to report problems to Akamai, so you'll have to try to report the problem to the Post Office (USPS.com) and get them to raise it with Akamai. I think you can imagine how easy that will be :-( but fortunately these things usually do get resolved before too long.

As a workaround you can try to configure your systems to resolve certain domains using different resolvers, using Google Public DNS for most domains, but pointing other domains (in your case, usps.com) to another resolver, such as the ones provided by your ISP.

If you (are willing to) run your own nameserver, you can change it in one place for many systems. Here are instructions for

• dnsmasq (often available on home/wifi routers, especially if you use open source routers like OpenWRT): https://www.linuxsysadmintutorials.com/configure-dnsmasq-to-query-different-nameservers-for-different-domains.html
• Bind: http://unix.stackexchange.com/a/22555/12831
• Windows (DNS) server: https://technet.microsoft.com/en-us/library/cc794735(WS.10).aspx

You can also configure individual systems

• MacOS X has a nice feature that allows you to do this without actually configuring a nameserver: http://hints.macworld.com/article.php?story=2004062902195410
  
• Linux systems running Network Manager can also do this: http://askubuntu.com/a/744971/154487
  
• For Windows clients (or any other host) you can also add an entry for a particular host to the hosts file: https://support.rackspace.com/how-to/modify-your-hosts-file/