Some of the links and information provided in this thread may no longer be available or relevant.
If you have a question please post a new topic.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Telstra cable and NBN connections blocking access to hosted server at Zettagrid
Hi Crowdsupport,
I have a server hosted in Zettagrid. I am finding when I go to any clients premises that have a new or recently deployed Telstra cable or NBN plan that I can't access or even ping my Zettagrid public IP. I don't get any issues with standard Telstra ADSL accounts or clients who have been on Telstra cable for ages (appears more prevalent with NBN accounts).
Strangely when I ping the fqdn of my server from the Telstra cable/NBN sites that I have the issue with, the reply address IP is 61.9.134.114 which appears to be a Telstra DNS address??
I'm wondering, is my server on a blacklist, is this something like Telstra Parental Controls blocking my server? How can I resolve this issue?
Many thanks,
Kind regards
Aaron
Was this helpful?
- Yes it was, thank you
- No, I still need help
Thank you for your feedback
Thank you for your feedback
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content

Re: Telstra cable and NBN connections blocking access to hosted server at Zettagrid
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Re: Telstra cable and NBN connections blocking access to hosted server at Zettagrid
It's just really odd that it only happens on Telstra cable and NBN sites and no other Telstra plans like ADSL or Telstra business plans.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Re: Telstra cable and NBN connections blocking access to hosted server at Zettagrid
I have the same issue with a server hosted by Netregistry. I don't know if it is related to Broadband Protect (which I am unable to turn off, only lower the protection) but I have not asked for any kind of filtering or manipulation of DNS traffic on my broadband service, blacklist or no.
This suspiciously started after a change (outage) some customers were notified of last Wednesday.
I have contacted Netregistry, their advice was to speak to Telstra. That was an extremely painful experience being asked to factory reset my modem and saying things like "Telstra do not support DNS" or "we're not trained on it", and if I wanted help I have to pay for premium support.
DNS is a fundamental part of an internet service, customer support need to understand it. Even if it means they can figure out if an issue is related to something like Broadband Protect. Or the NBN change last Wednesday.
Also if I were implementing a DNS hijacking service like this, I would at least host a response page for hijacked requests so my customers know why stuff is not working.
------------------------------------------------
Default Server: mygateway
Address: 10.0.0.138
> cp101.ezyreg.com
Server: mygateway
Address: 10.0.0.138
Non-authoritative answer:
Name: cp101.ezyreg.com
Addresses: 2001:8002:e41:f002::f5ff
61.9.211.50
> server 61.9.211.33
Default Server: dns-cust.cha.bigpond.net.au
Address: 61.9.211.33
> cp101.ezyreg.com
Server: dns-cust.cha.bigpond.net.au
Address: 61.9.211.33
Non-authoritative answer:
Name: cp101.ezyreg.com
Addresses: 2001:8002:e41:f002::f5ff
61.9.211.50
> server 8.8.8.8
Default Server: google-public-dns-a.google.com
Address: 8.8.8.8
> cp101.ezyreg.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: cp101.ezyreg.com
Address: 27.121.64.101
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Re: Telstra cable and NBN connections blocking access to hosted server at Zettagrid
Second, unless you are willing to tell as what your site is we cannot do anything about it since we cannot test or investigate it.
Third, mxtoolbox is not a bad site, but did you try to check your site on virustotal? That's site many use as their source of blocking...
Likes (formerly Kudos) and solutions are appreciated!!!
The comments expressed by me reflect my user experience and personal opinion.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content

Re: Telstra cable and NBN connections blocking access to hosted server at Zettagrid
You'll find that that's one of Telstra Broadband Protect's web protection proxies getting returned.
IT Helpdesk and Technicial Support by Telstra Platinum
Helping Australians Find the Things that Matter Most with Telstra Locator
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Re: Telstra cable and NBN connections blocking access to hosted server at Zettagrid
Why would you say a ping test is crap? The first thing it does is test DNS resolution (or your cache) which identified what the issue was, the fact that it gets no response is just a result of the DNS rewrite.
ICMP still has its place on the internet, most security pros block it where it presents a threat (like reconnaissance or covert channels).
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Re: Telstra cable and NBN connections blocking access to hosted server at Zettagrid
How do we get this fixed, other than using Google DNS (and bypassing Broadband Protect)?
The affected fqdn is a shared cPanel host, we have no control over its content. Using it is a dependency for secure IMAP/SMTP, and Broadband Protect is now interfering with our internet service.
Cheers.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content

Re: Telstra cable and NBN connections blocking access to hosted server at Zettagrid
IT Helpdesk and Technicial Support by Telstra Platinum
Helping Australians Find the Things that Matter Most with Telstra Locator
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Re: Telstra cable and NBN connections blocking access to hosted server at Zettagrid
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content

Re: Telstra cable and NBN connections blocking access to hosted server at Zettagrid
You'll find that the browsers themselves are also starting to block access to sites that haven't implemented HTTPS (Google Chrome, especially), so it's not just things like Telstra Broadband Protect that you need to consider in that regard.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Re: Telstra cable and NBN connections blocking access to hosted server at Zettagrid
Thanks @Yastiandrie
Seems this is a common issue with TBP and support staff have no idea what is happening: https://crowdsupport.telstra.com.au/t5/Home-Broadband/DNS-Resolution-Issue/m-p/756245
I attempted to lower my TBP protection which seems to have resulted in the DNS still in place but access to the site unfiltered, via the hijacked IP which I assume is a TBP transparent proxy - this works for ports 80 and 443 but no other service running on the host i.e. IMAP/POP/SMTP (+TLS). At the very least, the TBP proxy must forward non-web protocols rather than block them.
I was contacted by the back-end team who stated the host needs to be considered 'clean' by VirusTotal before access will be unblocked, which is a failure for the service to provide protection without implicitly denying legitimate access. We have no control over the content other customers are hosting on the shared service, that is the nature of shared hosting. This detection is a false positive and in its current state TBP is denying service for all Telstra customers that also utilise such hosting services.
I think some broad assumptions have been made during the TBP design process without consideration of the effect it has on the service provided to customers:
- Using VirusTotal as a sole method to determine a site's disposition
- Both free and paid reputation services are available
- Filtering an entire host based on the above disposition
- e.g. if http://host/~badcustomer/content/exploit-kit is malicious, don't deny access to http://host/~goodcustomer/content/benign.html
- This can be challenging for TLS content, is the current implementation fit for purpose??
- Not providing a response for proxied connections to sites deemed malicious, when high protection is enabled
- Users need to know if and why their traffic is being modified
- If TBP is blocking access it needs to host a page stating so (again this can be challenging for TLS content)
- Consideration for non-web ports and protocols
- The internet is more than just websites and browsers, let the other ports through!
Minimising risk is a balancing act between usability and security, always consider the impact before making design decisions. The intent behind TBP is great but it needs to be supportable and fit for purpose i.e. delivered in a manner that minimises impact to customers and Support need to be able to support it. If there is a likelihood of false positives denying service, TBP should not be applied to all residential customers by default especially when Customer Support have no idea what's going on.
For now I will be informing my customers to use Google DNS or alternatives like Cisco Umbrella until TBP is fit for purpose. It's easier than having TBP disabled and allows them to switch back should they need to.
Thanks again
Matt