11 points
It couldn’t be a routing issue, because they’d never be able to get past the modem out to the rest of the world.
The DNS one is a pretty good guess. Another is that they were just doing HTTP redirects on every lookup. If this was >14 years ago, FireSheep had not been released yet (2010) and most sites only did HTTPS for authentication, and browsers didn’t really try HTTPS first. So a lazy but semi competent admin could just redirect all the port 53/80 traffic and hose a normal browsing session, but a VPN coming up with direct IP config would bypass that and bring them back online.