I can reach GitHub from guest account only

catalinaNetwork

I can't reach github.com; the DNS resolves but then the connection times out (on Safari, Firefox and Chrome). I'm running macOS 10.15.5.

I've run sudo dscacheutil -flushcache and sudo killall -HUP mDNSResponder, to no avail.
See this superuser question for all the debugging I've done so far

I'm asking a separate question here because one key clue is that when logging in with my laptop's guest account, I can reach github.com. If I create another admin user account however, the issue is still there.

For that reason I'm wondering: what are the networking-related settings that would apply to regular users but not the guest account?

Edit Adding more debugging info

  • dig output showing that DNS resolves:
$ dig github.com
; <<>> DiG 9.10.6 <<>> github.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54977
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;github.com.            IN  A

;; ANSWER SECTION:
github.com.     59  IN  A   140.82.112.3

;; Query time: 109 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jun 09 22:07:32 CEST 2020
;; MSG SIZE  rcvd: 55
  • Request timing out in curl
$ curl -v --insecure -L 140.82.112.3
*   Trying 140.82.112.3...
* TCP_NODELAY set
* Connected to 140.82.112.3 (140.82.112.3) port 80 (#0)
> GET / HTTP/1.1
> Host: 140.82.112.3
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Content-length: 0
< Location: https://140.82.112.3/
<
* Connection #0 to host 140.82.112.3 left intact
* Issue another request to this URL: 'https://140.82.112.3/'
*   Trying 140.82.112.3...
* TCP_NODELAY set
* Connected to 140.82.112.3 (140.82.112.3) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
[...TLS handshake details]
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=github.com
*  start date: May  5 00:00:00 2020 GMT
*  expire date: May 10 12:00:00 2022 GMT
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: 140.82.112.3
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Content-length: 0
< Location: https://github.com/
<
* Connection #1 to host 140.82.112.3 left intact
* Issue another request to this URL: 'https://github.com/'
*   Trying 192.30.253.113...
* TCP_NODELAY set
* Connection failed
* connect to 192.30.253.113 port 443 failed: Operation timed out
* Failed to connect to github.com port 443: Operation timed out
* Closing connection 2
curl: (7) Failed to connect to github.com port 443: Operation timed out
* Closing connection 0
* Closing connection 1

If I curl without -L (i.e. without redirects) then I do get to the site, and get the HTML back:

$ curl -H "Host: github.com" --insecure -v https://140.82.112.3/
...
< HTTP/1.1 200 OK
<!DOCTYPE html>
<html lang="en">
...

Best Answer

The fix was given by the answer to https://superuser.com/questions/1559142/github-com-resolves-but-times-out

My /etc/hosts had the 192.30.253.113 IP for github.com; that IP probably became invalid recently. Removing that line fixed the issue.

Related Question