Firefox can't find CDC.gov site. Works fine in Safari
I have been trying all day to access the Centers for Disease Control website at cdc.gov. Firefox (83.0/Mac) just says it can't contact the server. I used Network Utility to look up the IP address of the site, which reported 198.246.102.49. I entered that address into Firefox and it refused to go there, saying it was a potential security risk.
So I tried Safari (14.0.1), and cdc.gov loads immediately with no problems.
What the heck?
Chosen solution
The difference is that when you use DNS over HTTPS, your address lookups are done on a Cloudflare DNS server instead of your regular DNS server.
As of the time I tested yesterday, that server reported there was no address for www.cdc.gov so the redirect fails. However, it seems fine now.
Read this answer in context 👍 0All Replies (7)
I should have noted that Firefox doesn't seem to have trouble with any other websites.
I had no problem with https://www.cdc.gov/
Please explain the problem in detail. What happens? What is/are the exact error message(s) ?
Your connection is not secure
The owner of 198.246.102.49 has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
Not sure when it started, but at the moment, I cannot get to cdc.gov using Cloudflare as my DNS over HTTPS service provider. If I turn off DNS over HTTPS and use my home ISP then Firefox can load the site.
More info on DNS over HTTPS: Firefox DNS over HTTPS
There's a hidden research tool in Firefox you can check on this -- type or paste the following internal address into the address bar and press Enter to load it:
about:networking#dnslookuptool
When using Cloudflare, I get an address for cdc.gov but not for www.cdc.gov. Strange!
When I check a third party website, it indicates that www.cdc.gov uses the Akamai content distribution network. Perhaps there is configuration issue somewhere in the server farm.
Interesting. When I use the Firefox lookup tool for cdc.gov, it gives me the same result as the Mac's Network Utility: 198.246.106.49. Like you, I get an "unknown host" error for www.cdc.gov.
If I simply try to access cdc.gov in Firefox, I get "We can’t connect to the server at www.cdc.gov" (after a redirect to https://www.cdc.gov).
If I paste 198.246.106.49 into the normal Firefox address bar, I get a "Warning: Potential security risk ahead", with this explanation: Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for 198.246.106.49. The certificate is only valid for the following names: www.cdc.gov, cdc.gov, 4mmp.cdc.gov, dpd.cdc.gov, e-cigarettes.surgeongeneral.gov, flu.gov, knowits.niosh.gov, knowitsniosh.niosh.gov, millionhearts.hhs.gov, origin.cdc.gov, origin.glb.cdc.gov, origin.int-f5.cdc.gov, origin2.cdc.gov, search.cdc.gov, search-origin.cdc.gov, www.dpd.cdc.gov, www.flu.gov, www.millionhearts.hhs.gov, www.selectagents.gov, selectagents.gov, www.thecommunityguide.org, open.cdc.gov Error code: SSL_ERROR_BAD_CERT_DOMAIN (perhaps this is to be expected when trying to load an IP address instead of a domain name)
In Safari on the same Mac, cdc.gov redirects to https://www.cdc.gov and loads immediately with no apparent problems.
On my home LAN I run a Mac with macOS Server, with a DNS for my local machine names. It also serves my personal website, via CloudFlare, but I don't see any reason why this would even be involved in a fetch of an external site like cdc.gov.
Chosen Solution
The difference is that when you use DNS over HTTPS, your address lookups are done on a Cloudflare DNS server instead of your regular DNS server.
As of the time I tested yesterday, that server reported there was no address for www.cdc.gov so the redirect fails. However, it seems fine now.
It works for me now too. I haven't changed anything on my end.