2

NextDNS - stops for some time then comes back

Hi All, 

its the second time now since December last year so i thought to reach out to get some other ideas and suggestions.

Scenario:
NextDNS configured on my SonicWall Tz270 and works fine.

  • Suddenly DNS resolution stops 
  • Internet (test via IP) works fine
  • Switching to DNS 1.1.1.1 brings back the internet DNS resolution.

Then wait for about an hour (+/-). 
Reconfigure back to nextDNS IP as DNS. 
Starts working again...

Dont have a superfancy setup just the usual suspects set in Add Blocking and nearly all options in Security.
Allowlists for Chat, gaming and o365.

The interesting part is that as soon as i switch to 1.1.1.1 DNS is instantly starts working.
Premium edition should not have any request limitation as far i know. 
Not quite sure if there is a "ban" happing in between which releases after a while.
As of now all started working like before.

Did you observer anything like it as well?
Any hints or suggestions?

thank you very much!
Armin

22 replies

null
    • Ryan_Wingerter
    • 10 mths ago
    • Reported - view

    I had the same thing happen. DNS resolution stopped at 10:30 last night (according to the logs). After switching to 8.8.8.8, the DNS resolution starts again. I have not tried to switch back as we need the internet working for now.

    When I go to http://ping.nextdns.io, I do have errors.

    • NextDNs
    • 10 mths ago
    • Reported - view

    Please provide a https://nextdns.io/diag

      • Ryan_Wingerter
      • 10 mths ago
      • Reported - view

      Report has been sent.

      • NextDNs
      • 10 mths ago
      • Reported - view

       I need the link

      • Ryan_Wingerter
      • 10 mths ago
      • Reported - view

      I don't show a link. After running the program, I get the folowing

      Do you want to send this report? [Y/n]: y
      Optional email in case we need additional info:
      Post unsuccessful: status 400
      {"error":"0: instance.Test requires property \"Client\"\n"}

      • Armin_Felkel
      • 9 mths ago
      • Reported - view

        - any news?

      • NextDNs
      • 9 mths ago
      • Reported - view

       we don't have a list of IPs for all our PoPs. Blocking all ICMP does not make much sense IMHO. It will make any network debugging pretty difficult and break a few things like PMTU discovery along the way.

      • Armin_Felkel
      • 9 mths ago
      • Reported - view

       let me see what i can do for testing. 

      • Armin_Felkel
      • 9 mths ago
      • Reported - view

       
      report generated and send: https://nextdns.io/diag/e43bd9c0-bc2a-11ee-8b17-419cd05b84fc
      These seem to be my closest PoPs. 
      45.90.28.0  zepto-zrh
      45.90.30.0 anexia-zrh
      i could may create an ICMP group on the firewall 

      • Armin_Felkel
      • 9 mths ago
      • Reported - view

       Any idea how this "block/ban" could happen?  It does stop for around and hour then works fine again. 
      Did the report shows something out of the ordinary?

      • Armin_Felkel
      • 9 mths ago
      • Reported - view

       
      Any update on the case?

      • NextDNs
      • 9 mths ago
      • Reported - view

       we couldn’t find anything abnormal. Please provide another diag when the problem arises.

    • Armin_Felkel
    • 10 mths ago
    • Reported - view

    I dont get much out of the report. 
    traceroute towards the web is not allowed on firewall. 
     

      • NextDNs
      • 10 mths ago
      • Reported - view

       please run the diag from a client on the same lan

      • Armin_Felkel
      • 10 mths ago
      • Reported - view

       
      there you go: https://nextdns.io/diag/3c013800-b6b6-11ee-9dea-f18fc6c687fa
      But as i wrote. ICMP traceroute does not work as the firewall will not let it pass. 

      • Armin_Felkel
      • 9 mths ago
      • Reported - view

       
      Any news on the case?
      thanks

      • NextDNs
      • 9 mths ago
      • Reported - view

       if you can disable ICMP filtering to get visibility, it would be interesting to run this diag again next time it fails. 

      • Armin_Felkel
      • 9 mths ago
      • Reported - view

        Are your pop IPs somewhere visible? ICMP to all Internet is just not state of the art... Any other tests which could be run? I mean icmp does not provide you much measurement would it?

    • Armin_Felkel
    • 10 mths ago
    • Reported - view

    Ping looks good as well. Connected to my nearest pop.

      anexia-zrh    17 ms  (anycast2, ultralow2)

    ■ zepto-zrh     18 ms  (anycast1, ultralow1)

      zepto-fra     22 ms

      anexia-fra    24 ms

      hetzner-nue   26 ms

      vultr-fra     26 ms

      zepto-mil     27 ms

      anexia-lux    32 ms

      anexia-mil    46 ms

      anexia-par   113 ms

    • john.28
    • 10 mths ago
    • Reported - view

    Same issue went in and out last night at 10:30PM Eastern Time ( I thought is was a WI-FI ap issues). Woke up  6:00 AM and all my wifi devices were offline. Then I couldn't get out from my PC on wired LAN. After that I turned on my VPN to bypass nextdns. After that dns started revolving again from my vpn and could access websites via the browser again. I then change my router to Cloudflare 1.1.1.1 and all off my wifi devices started working again. Defiantly something going on. A status page would be nice. Yes I know about the ping page.

    • Armin_Felkel
    • 10 mths ago
    • Reported - view

    Do you guys turned on these perfomance settings?
    This was the last change it did...

    • Armin_Felkel
    • 9 mths ago
    • Reported - view

    @Suppport / @NextDNS

    do you have any update or suggestion?

Content aside

  • 2 Likes
  • 9 mths agoLast active
  • 22Replies
  • 520Views
  • 4 Following