24 days ago
We tested connectivity to www.ventanillaunica.gob.mx from two environments.
From Railway:
- DNS resolution succeeds
- TCP connection to port 443 times out
From GitHub Actions (external runtime), using a workflow that performs DNS, TCP 443, and HTTPS GET checks with legacy DH TLS compatibility enabled:
- DNS succeeds
- TCP 443 succeeds
- HTTPS requests to the COVE, Digitalización, and Pedimentos WSDL endpoints return HTTP 200
This isolates the issue to Railway outbound connectivity / egress path toward VUCEM, not the application or a general outage of the remote service.
From Railway runtime, DNS for www.ventanillaunica.gob.mx resolves correctly to 200.33.74.161, but TCP connect to 443 times out consistently. From another external runtime, TCP 443 succeeds. This indicates an outbound connectivity/egress issue specific to Railway or its source IP path to VUCEM, before TLS/HTTP/SOAP. This wasnt ocurring as of 2 hours ago.
{"ok": false, "timeout_seconds": 15, "force_http_checks": false, "host": "www.ventanillaunica.gob.mx", "gateway_enabled": false, "gateway_base_url_configured": false, "tls_legacy_dh": true, "tls_skip_verify": false, "app_process": "web", "debug": false, "dns": {"ok": true, "host": "www.ventanillaunica.gob.mx", "addresses": ["200.33.74.161"], "duration_ms": 0, "error": ""}, "tcp_443": {"ok": false, "host": "www.ventanillaunica.gob.mx", "port": 443, "duration_ms": 15015, "remote_address": "", "attempts": [{"address": "200.33.74.161", "ok": false, "duration_ms": 15015, "error": "timed out", "exception_class": "TimeoutError"}], "error": "timed out", "exception_class": "TimeoutError"}, "checks": [{"name": "cove_wsdl", "url": "https://www.ventanillaunica.gob.mx/ventanilla/ConsultarEdocumentService?wsdl", "reachable": false, "ok": false, "status_code": null, "final_url": "", "content_type": "", "duration_ms": 0, "error": "Omitido: la conexion TCP al puerto 443 ya fallo desde este runtime.", "exception_class": "", "skipped": true}, {"name": "digitalizacion_wsdl", "url": "https://www.ventanillaunica.gob.mx/ventanilla/DigitalizarDocumentoService?wsdl", "reachable": false, "ok": false, "status_code": null, "final_url": "", "content_type": "", "duration_ms": 0, "error": "Omitido: la conexion TCP al puerto 443 ya fallo desde este runtime.", "exception_class": "", "skipped": true}, {"name": "pedimentos_wsdl", "url": "https://www.ventanillaunica.gob.mx/ventanilla-ws-pedimentos/ConsultarPedimentoCompletoService?wsdl", "reachable": false, "ok": false, "status_code": null, "final_url": "", "content_type": "", "duration_ms": 0, "error": "Omitido: la conexion TCP al puerto 443 ya fallo desde este runtime.", "exception_class": "", "skipped": true}], "hostname": "3e7e0f44a527", "timestamp": "2026-04-28T22:32:31.281029+00:00"}
5 Replies
Status changed to Awaiting Railway Response Railway • 24 days ago
24 days ago
From Railway runtime, DNS for www.ventanillaunica.gob.mx resolves correctly to 200.33.74.161, but TCP connect to 443 times out consistently. From another external runtime, TCP 443 succeeds. This indicates an outbound connectivity/egress issue specific to Railway or its source IP path to VUCEM, before TLS/HTTP/SOAP. This wasnt ocurring as of 2 hours ago.
Status changed to Open Railway • 24 days ago
24 days ago
You need to use CNAME records for custom domains. Railway does not support the use of A records.
https://docs.railway.com/networking/domains/working-with-domains#custom-domains
0x5b62656e5d
You need to use CNAME records for custom domains. Railway does not support the use of A records. <https://docs.railway.com/networking/domains/working-with-domains#custom-domains>
24 days ago
Is that related to my problem? It was working 6 hours ago, how come all out the sudden that became a problem? Also I do have the cname record for custom domain, both have the checkmark and I Hve both in my domain service.
The SOAP webservices dont resolve with *.up.railway.app either
24 days ago
I ran nslookup and there wasn't a CNAME nor TXT record attached to www.ventanillaunica.gob.mx.
The domain also resolves to 200.33.74.161, when it should be resolving to Railway's CNAME record.
I'd recommend double checking your DNS records.
$ nslookup -type=CNAME www.ventanillaunica.gob.mx
Server: 100.100.100.100
Address: 100.100.100.100#53
Non-authoritative answer:
*** Can't find www.ventanillaunica.gob.mx: No answer
Authoritative answers can be found from:
ventanillaunica.gob.mx
origin = ns1-05.azure-dns.com
mail addr = ventanillaunica.sat.gob.mx
serial = 2020021422
refresh = 1800
retry = 1800
expire = 1800
minimum = 86400
$ nslookup -type=TXT _railway-verify.www.ventanillaunica.gob.mx
Server: 100.100.100.100
Address: 100.100.100.100#53
** server can't find _railway-verify.www.ventanillaunica.gob.mx: NXDOMAIN24 days ago
ventanillaunica.gob.mx is where I'm trying to connect. I have been able to for months until today 6 hours ago, they stopped responding. Ventanillaunica.gob.mx is not my website, it is where im trying to connect to.