presentations

Web Troubleshooting: The Outside-In Approach

Or: How to diagnose like a user (because that’s what matters)

When internal tools lie to you, the internet tells the truth


Why Start External?

Start where the problem actually lives


The Stack

1. Domain Registration  ← Is it even valid?
2. DNS Resolution       ← Can the world find it?
3. IP Intelligence     ← Where does it actually live?
4. Port/Protocol Test   ← Is anything listening?
5. HTTPS/TLS Analysis   ← Is encryption borked?

Each layer can fail independently


Layer 1: Domain Registration

Tool: ICANN Lookup

https://lookup.icann.org/en

What You’re Hunting For:

Pro tip: Registry NIC sites have more detail than WHOIS


Layer 2: DNS Resolution

Query Tools:

Records That Matter:

SOA   → Who's authoritative
NS    → Nameserver delegation  
A     → IPv4 addresses
AAAA  → IPv6 addresses
CNAME → Aliases
TXT   → SPF, DKIM, verification records

Layer 3: IP Intelligence

Tool: ipinfo.io

What You Learn:

Reality check: One IP = potentially thousands of sites (Name-based virtual hosting is everywhere)


Layer 4: Port & Protocol Testing

Standard Web Ports:


Tools:

What You Can Do:


Layer 5: HTTPS/TLS Analysis

Tool: SSL Labs

https://www.ssllabs.com/ssltest/

The Good Stuff:


Common Failure Patterns

Layer Typical Issues
Domain Expired, locked, wrong nameservers
DNS Cache lag, missing records
IP Unexpected hosting provider, geo-blocking
Ports Firewalls, service down
TLS Expired certs, weak config

Each layer can mask problems in others


Live Demo Time

Let’s break something and fix it

Demo target: [Your choice of problematic site]

  1. Domain check
  2. DNS resolution
  3. IP lookup
  4. Port test
  5. TLS analysis

The “But We Use…” Objection

Them: “But we use [internal tool] for this”

You: “Cool. Does it show what users actually see?”

Internal tools assume your network is working External tools assume nothing

Trust, but verify from the outside


Next Steps: CLI Tools

to cover in an upcoming presentation…

Git Bash / WSL:


PowerShell:

Windows CLI:

Today: External perspective
Next time: Automating these checks


Bonus: Automating External Checks

examples:

# Quick domain intel one-liner
curl -s "https://ipinfo.io/$(dig +short example.com)" | jq

# SSL Labs API (wait for completion)
curl -s "https://api.ssllabs.com/api/v3/analyze?host=example.com"

# DNS propagation check via API
curl -s "https://www.whatsmydns.net/api/check?server=all&type=A&query=example.com"

Key Takeaways

  1. Start external, move internal
  2. Each layer can fail independently
  3. Document what you find
  4. External tools don’t lie

Resources


Backup Arsenal & Deep Dives

Backup Tools:


Learning Resources: