3

Service down?

Is there a problem with the service?

40 replies

null
    • thor
    • 3 yrs ago
    • Reported - view

    It is still happening. You have still, at least on CH, downtime every minutes or every x queries.

    Plus your mirror for linux installation of your client is unreachable. It is happening on every devices I have so it's still the case i guess for the other customers too. 

      • olivier
      • 3 yrs ago
      • Reported - view

      thor with the CLI, use "nextdns log" to read the logs. With multiple layer of filtering and forwarder like you have, you have more chance of getting issues, and it becomes harder to troubleshot.

      For bintray, what is the output of "curl -vLo- 'https://bintray.com/nextdns/deb/download_file?file_path=pool%2Fmain%2Fm%2Fnextdns_1.11.0_amd64.deb' | md5sum"

      • thor
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey it's not a problem of filter I have already check it and it's not hard to verify since in pihole it's pretty clear and straightforward. And it's not coming from the filtering of your servers either since I can clearly identify the timestamp and I can see there are requests not being processed by your server and still being sent. 

      is there any doc about the syntax you are using and the meaning of your log? 

      I guess this is that king of problem you are looking for: 

      mars 13 21:41:25 pi4data nextdns[735]: Query 127.0.0.1 UDP AAAA firefoxusercontent.com. (qry=51/res=12) cached HTTP/2.0: doh resolve: context deadline exceeded
      mars 13 21:41:25 pi4data nextdns[735]: Query 127.0.0.1 UDP A contacts.skype.com. (qry=47/res=12) cached HTTP/2.0: doh resolve: context deadline exceeded
      mars 13 21:41:25 pi4data nextdns[735]: Query 127.0.0.1 UDP PTR 207.247.44.108.in-addr.arpa. (qry=56/res=12) 421128ms : doh resolve: context deadline exceeded
      mars 13 21:41:25 pi4data nextdns[735]: Query 127.0.0.1 UDP A firefoxusercontent.com. (qry=51/res=12) cached HTTP/2.0: doh resolve: context deadline exceeded
      mars 13 21:41:25 pi4data nextdns[735]: Query 127.0.0.1 UDP A api.ghostery.net. (qry=45/res=12) cached HTTP/2.0: doh resolve: context deadline exceeded
      mars 13 21:41:25 pi4data nextdns[735]: Query 127.0.0.1 UDP AAAA profile.accounts.firefox.com. (qry=57/res=12) cached HTTP/2.0: doh resolve: context deadline exceeded
      mars 13 21:41:25 pi4data nextdns[735]: Query 127.0.0.1 UDP PTR 207.247.44.108.in-addr.arpa. (qry=56/res=12) 419130ms : doh resolve: context deadline exceeded
      mars 13 21:41:25 pi4data nextdns[735]: Query 127.0.0.1 UDP AAAA api.ghostery.net. (qry=45/res=12) cached HTTP/2.0: doh resolve: context deadline exceeded
      mars 13 21:41:25 pi4data nextdns[735]: Query 127.0.0.1 UDP PTR 74.155.218.92.in-addr.arpa. (qry=55/res=12) 416440ms : doh resolve: context deadline exceeded
      mars 13 21:41:25 pi4data nextdns[735]: Query 127.0.0.1 UDP AAAA firefoxusercontent.com. (qry=51/res=12) cached HTTP/2.0: doh resolve: context deadline exceeded
      mars 13 21:41:25 pi4data nextdns[735]: Query 127.0.0.1 UDP A crl3.digicert.com. (qry=46/res=12) cached HTTP/2.0: doh resolve: context deadline exceeded
      mars 13 21:41:25 pi4data nextdns[735]: Query 127.0.0.1 UDP A api.ghostery.net. (qry=45/res=12) cached HTTP/2.0: doh resolve: context deadline exceeded
      
      

      there is a swtiching endpoint line later today where it seems to go a bit better after that.

      connected means the query has been resolved?

      md5sum: ab31fe8e0b4fc6707d88eab5d70e734d

      • olivier
      • 3 yrs ago
      • Reported - view

      thor please paste the whole curl output.

      • olivier
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey next time it fails, please submit a https://nextdns.io/diag

      • thor
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey 

      * Expire in 0 ms for 6 (transfer 0x1a28b0)
      * Expire in 1 ms for 1 (transfer 0x1a28b0)
      * Expire in 4 ms for 1 (transfer 0x1a28b0)
      * Expire in 8 ms for 1 (transfer 0x1a28b0)
      * Expire in 8 ms for 1 (transfer 0x1a28b0)
      * Expire in 11 ms for 1 (transfer 0x1a28b0)
      * Expire in 11 ms for 1 (transfer 0x1a28b0)
      * Expire in 16 ms for 1 (transfer 0x1a28b0)
      * Expire in 14 ms for 1 (transfer 0x1a28b0)
      * Expire in 14 ms for 1 (transfer 0x1a28b0)
      *   Trying 108.168.194.93...
      * TCP_NODELAY set
      * Expire in 200 ms for 4 (transfer 0x1a28b0)
      * Connected to bintray.com (108.168.194.93) port 443 (#0)
      * ALPN, offering h2
      * ALPN, offering http/1.1
      * successfully set certificate verify locations:
      *   CAfile: none
        CApath: /etc/ssl/certs
      } [5 bytes data]
      * TLSv1.3 (OUT), TLS handshake, Client hello (1):
      } [512 bytes data]
      * TLSv1.3 (IN), TLS handshake, Server hello (2):
      { [106 bytes data]
      * NPN, negotiated HTTP1.1
      { [5 bytes data]
      * TLSv1.2 (IN), TLS handshake, Certificate (11):
      { [2765 bytes data]
      * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
      { [333 bytes data]
      * TLSv1.2 (IN), TLS handshake, Server finished (14):
      { [4 bytes data]
      * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
      } [70 bytes data]
      * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
      } [1 bytes data]
      * TLSv1.2 (OUT), TLS handshake, Next protocol (67):
      } [36 bytes data]
      * TLSv1.2 (OUT), TLS handshake, Finished (20):
      } [16 bytes data]
      * TLSv1.2 (IN), TLS handshake, Finished (20):
      *  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=GeoTrust RSA CA 2018
      *  SSL certificate verify ok.
      } [5 bytes data]
      > GET /nextdns/deb/download_file?file_path=pool%2Fmain%2Fm%2Fnextdns_1.11.0_amd64.deb HTTP/1.1
      < Server: nginx
      * Expire in 0 ms for 1 (transfer 0x1a28b0)
      * NPN, negotiated HTTP1.1
      } [16 bytes data]
      * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
      *  subject: CN=*.bintray.com
      *  start date: Sep 26 00:00:00 2019 GMT
      *  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=GeoTrust RSA CA 2018
      > GET /nextdns/deb/pool/main/m/nextdns_1.11.0_amd64.deb HTTP/1.1
      < Date: Sun, 14 Mar 2021 22:14:51 GMT
      < Content-Length: 0e%3D%22nextdns_1.11.0_amd64.deb%22&Policy=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHAqOi8vZDI5dnprNG93MDd3aTcuY2xvdWRmcm9udC5uZXQvOTI3NDNmNGE4NjFkNWQ4YjYyNWEzYjA4NWMS4xMS4wX2FtZDY0LmRlYiUyMiIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTYxNTc2MDgxMX0sIklwQWRkcmVzcyI6eyJBV1M6U291cmNlSXAiOiIwLjAuMC4wLzAifX19XX0_
      * Expire in 2 ms for 1 (transfer 0x1a28b0)
      * Expire in 1 ms for 1 (transfer 0x1a28b0)
      * Expire in 1 ms for 1 (transfer 0x1a28b0)
      * Expire in 2 ms for 1 (transfer 0x1a28b0)
      * Expire in 2 ms for 1 (transfer 0x1a28b0)
      * Expire in 4 ms for 1 (transfer 0x1a28b0)
      * Expire in 3 ms for 1 (transfer 0x1a28b0)
      * Expire in 4 ms for 1 (transfer 0x1a28b0)
      * Expire in 3 ms for 1 (transfer 0x1a28b0)
      * Expire in 4 ms for 1 (transfer 0x1a28b0)
      * Expire in 4 ms for 1 (transfer 0x1a28b0)
      * Expire in 7 ms for 1 (transfer 0x1a28b0)
      * Expire in 16 ms for 1 (transfer 0x1a28b0)
      * ALPN, offering http/1.1
        CApath: /etc/ssl/certs
      } [5 bytes data]
      > GET /92743f4a861d5d8b625a3b085cb3a0eeb836291cd2b620f875160932a9521c74?response-content-disposition=attachment%3Bfilename%3D%22nextdns_1.11.0_amd64.deb%22&Policy=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHAqOi8vZDI5dnprNG93MDd3aTcuY2xvdWRmcm9udC5uZXQvOTI3NDNmNGE4NjFkNWQ4YjYyNWEzYjA4NWNiM2EwZWViODM2MjkxY2QyYjYyMGY4NzUxNjA5MzJhOTUyMWM3ND9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0JmaWxlbmFtZSUzRCUyMm5leHRkbnNfMS4xMS4wX2FtZDY0LmRlYiUyMiIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTYxNTc2MDgxMX0sIklwQWRkcmVzcyI6eyJBV1M6U291cmNlSXAiOiIwLjAuMC4wLzAifX19XX0_&Signature=p1R-b7GQ8QYDq47I482GjBJb4JEUV~cU3TDIZ49QUWZ~GYkZWVMyYdTU4HA0jNT4V31tIXYmf2dxffX2pg7RCMzm84HAWww31EUL2rzUoJzqJiRL0XuItQTJq7f5W0zouGstItQaDkscN4SmYXV1DeK~GB0EsS5gu-66Go8GpjWd9jpB8iNICFRywxcZ8~3b4hG0JkJuun9cfacICtVZX2Fod6LKaU-0tjen9L2-QAmK8OlsBxe~Ektd4uI5-Yig~YWhpwreF0hECKf2ovU0EeAnNkfBpWbANuzizuprq2NC-3NQeVvmVfpBQ8fRQHVgT43aYZfI98Mze5ngKbGdww__&Key-Pair-Id=APKAIFKFWOMXM2UMTSFA HTTP/1.1> Host: d29vzk4ow07wi7.cloudfront.net
      > User-Agent: curl/7.64.0
      > Accept: */*
      >
      { [5 bytes data]
      < HTTP/1.1 200 OK
      < Content-Type: application/x-debian-package
      < Content-Length: 2876406
      < Connection: keep-alive
      < Date: Sun, 14 Mar 2021 22:14:53 GMT
      < Last-Modified: Mon, 08 Mar 2021 23:54:48 GMT
      < ETag: "ab31fe8e0b4fc6707d88eab5d70e734d"
      < Content-Disposition: attachment;filename="nextdns_1.11.0_amd64.deb"
      < Accept-Ranges: bytes
      < Server: AmazonS3
      < X-Cache: Miss from cloudfront
      < Via: 1.1 bb45d9db269295920003af6514d7e7eb.cloudfront.net (CloudFront)
      < X-Amz-Cf-Pop: DUS51-C1
      < X-Amz-Cf-Id: JoBF8HaklHQcYw8mGokOr4_LUVGM8opa0DAc9TJVfmWDqRjjBz9pSQ==
      <
        0 2808k    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0{ [5 bytes data]
      100 2808k  100 2808k    0     0   886k      0  0:00:03  0:00:03 --:--:-- 2562k
      * Connection #2 to host d29vzk4ow07wi7.cloudfront.net left intact
      ab31fe8e0b4fc6707d88eab5d70e734d  -
      • thor
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey if you want to, but it still would be nice to have an actual piece of doc to explain the syntax so the user can identify itself the problem and win some time over the problem resolution process... Or maybe I did miss this piece of doc? 

      • olivier
      • 3 yrs ago
      • Reported - view

      thor the bintray mirror is fine, the problem is elsewhere.

      From your logs you seem to get timeouts talking to our servers. Diag would help understand the issue.

      • thor
      • 3 yrs ago
      • Reported - view
      • thor
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey I don't see in all that a latency big enough to provoke an abandon of a dns query nor any tls handshake or anything but take your time to analyze it and we'll see and thanks anyway for your help 

      • olivier
      • 3 yrs ago
      • Reported - view

      thor it looks good. Please run it again next time you experience issue.

      • thor
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey no problem will do. 

      will do the same also for the bintray repo and see if I get anything more. 

      Thanks for your help anyway 

      • thor
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey I've succeeded to reproduce the problem on a test setup I'm using from time to time. 

      Should I open a new thread? or Should I make you DM (if that's a possible).

      disclaimer: it's about DNSSEC signature which are not correct apparently. 

      • olivier
      • 3 yrs ago
      • Reported - view

      thor let's open another thread.

    • Markus_Schneider
    • 2 yrs ago
    • Reported - view

    Since 2 hours NextDNS is down for me as well. Internet works fine, as long as I'm not using NextDNS. Adding insult to injury is the remark that I should contact support (Bitte sprechen Sie mit uns...). How should I speak to you people? 🙄

      • Markus_Schneider
      • 2 yrs ago
      • Reported - view

      Markus Schneider After roughly 3 hours everything worked fine again. Of course, without any information from NextDNS.

Content aside

  • 3 Likes
  • 2 yrs agoLast active
  • 40Replies
  • 756Views
  • 11 Following