DNS considered harmful...


(…by Google and Apple, at least)

I had a little problem where a bunch of web sites started displaying poorly at home (odd layout glitches, pulldown menus that rendered as lists, dynamic image-loading that didn’t load, etc). It happened on my Mac with Safari and Edge but not Chrome, but didn’t happen on my iPad or on a Windows box.

Coincidentally (not entirely…), I had recently upgraded from Catalina to Monterey on that Mac. After too much poking around, I isolated the problem to the browsers refusing to accept the SSL cert for cdn.jsdelivr.net. Except that curl and wget accepted it just fine, as did Chrome. The catch was that the ones that worked were getting geolocated to CloudFront, and the ones that failed were getting geolocated to Fastly. On the same machine.

TL/DR, I switched my home network’s DNS from Google back to Quad9. That instantly fixed Edge, but Safari needed the extra step of disabling the “Google Safe Browsing” feature that had silently been turned on by the OS upgrade. Apparently whatever cert-based blacklisting they were doing to that specific Fastly node applied to that service as well.

(and, yes, geolocation for my static IP block is all over the place, with some sources thinking I’m in Texas, some in Virginia, and the rest scattered across Ohio but nowhere near Dayton)

