Not long after my recent experience of laughing and throwing up, I took preventive measures, or what I thought were preventive measures, to keep it from happening again. I added a couple of F**news [obscenity censored] domains to my firewall’s list of blocked sites.

Not long after I added them, my Internet connection started acting up. Just the browsing part. Lots of broken image links, web pages loading without style sheets, and not a few “not available” or “may have moved permanently” errors, sometimes on major domains like Bing and Google. Facebook, several news sites, and Weather Underground were especially troublesome. It was strictly a browser thing, a little worse on Chrome maybe, but at the same time Chrome told me the page was unavailable, I could ping the AWOL site without a problem.

It was mysterious enough that I even tightened my router and modem cables. I finally figured it out, but newsgroups, blogs, and Google search results, which usually help, didn’t have the answer. Maybe this post will help someone out.

The domain I’d newly blocked didn’t have a static IP address. It’s an akamaized domain, it turns out, that resolves to any of a dozen or so numeric IP addresses, and the resolution changes every minute or less. About 10% of the Internet seems to live on those same dozen or so IP addresses, too. (Among the domains there are static.ak.fbcdn.net, i.telegraph.co.uk, and abcnews.com.)

My firewall was blocking what it thought was the right IP address, but when the IP addresses of these akamaized sites flip-flopped, the firewall was suddenly blocking the wrong site. Moments later, maybe it was blocking nothing, then the site I’d added, then different wrong sites…

Insert various image and DNS caching mechanisms between me and the Internet, and it’s an erratic mess of a mystery. At least it was for me. No matter how bad it was, though, it usually got better in 10 or 15 minutes. I didn’t go so far as to start using OpenDNS, which was one web-grown remedy I heard about, but I can imagine it might have changed the caching and resolution landscape enough to have made some difference. Enabling or disabling Google’s DNS prefetching, another web remedy, didn’t work for me. Once I unblocked the offensive domains, the Internet was butter again.

If you’re having this problem (the dodgy Internet problem, not the laughing and throwing up problem), first try running a traceroute on one of the problem sites you can’t browse to. If traceroute says it’s tracing a route to something like a20.g.akamai.net, or if successive traceroutes over a few minutes show different IP addresses for the domain, it’s possible something between you and the Internet is blocking one route to some of the akamaized web.
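The flip-flopping described above can be replayed offline. This Python sketch is an added example, not part of the original post: it models a firewall that resolves a blocked name once and pins the resulting IP, then replays constructed DNS answers (documentation-range addresses, with `blocked.example` as a placeholder name) to show the rule drifting onto other sites, and it flags the two warning signs the successive-lookup check is looking for.

```python
# Constructed DNS observations, one per minute: name -> set of A records.
# Addresses are RFC 5737 documentation ranges; "blocked.example" is a
# placeholder for the site that was added to the firewall's block list.
SAMPLES = [
    {"blocked.example": {"192.0.2.10"},
     "static.ak.fbcdn.net": {"192.0.2.11"},
     "i.telegraph.co.uk": {"192.0.2.12"}},
    {"blocked.example": {"192.0.2.12"},
     "static.ak.fbcdn.net": {"192.0.2.10"},
     "i.telegraph.co.uk": {"192.0.2.11"}},
    {"blocked.example": {"192.0.2.11"},
     "static.ak.fbcdn.net": {"192.0.2.12"},
     "i.telegraph.co.uk": {"192.0.2.13"}},
]


def replay(samples, target):
    """Pin the target's IPs from the first lookup (as a name-to-IP firewall
    rule does), then report per sample: is the target still blocked, and
    which other names does the pinned rule block instead?"""
    pinned = set(samples[0][target])
    timeline = []
    for answers in samples:
        target_blocked = bool(answers[target] & pinned)
        collateral = sorted(name for name, ips in answers.items()
                            if name != target and ips & pinned)
        timeline.append((target_blocked, collateral))
    return timeline


def pinning_risks(samples, target):
    """Reasons an IP-pinned rule for this name will misfire."""
    risks = []
    seen = [frozenset(answers[target]) for answers in samples]
    if len(set(seen)) > 1:
        risks.append("address changes between lookups")
    pool = set().union(*seen)  # every address the target ever used
    shared = sorted({name for answers in samples
                     for name, ips in answers.items()
                     if name != target and ips & pool})
    if shared:
        risks.append("addresses shared with: " + ", ".join(shared))
    return risks


if __name__ == "__main__":
    for minute, row in enumerate(replay(SAMPLES, "blocked.example")):
        print(minute, "target blocked:", row[0], "collateral:", row[1])
    print(pinning_risks(SAMPLES, "blocked.example"))
```

If either risk is reported for a name, block it by hostname (DNS or proxy filtering) rather than by resolved IP address.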