Many Apple properties work only after repeated attempts
For around two weeks, many requests to Apple properties (App Store, Apple Music etc.) have been failing, resulting in “Connection to App Store failed” messages, podcasts that won’t download etc.
The logs do not show any blocked requests. Enabling or disabling blocklists and other features seems to have no real effect. Explicitly whitelisting tens of Apple (sub)domains also does not solve the problem.
If a site or service fails to load, I retry many times. Sometimes by the 5th, sometimes by the 50th try the request succeeds. Sometimes even retries do not help.
One method that always works is disabling NextDNS. From that moment onwards, requests to Apple services resume working immediately.
On Reddit I’ve seen multiple people reporting the same issue: https://reddit.com/r/nextdns/comments/vqi7zz/issues_reaching_apple_services_like_app_store/
For anyone encountering this issue (Apple domains failing, nothing blocked in the logs), could you try the following and report back here?
1. Switch temporarily to a no-profile DNS endpoint (https://dns.nextdns.io, dns.nextdns.io or 22.214.171.124/126.96.36.199).
2. If you're still getting the issue with 1., try setting up Quad9 (188.8.131.52).
Could you also share the following (ideally here, but privately is fine as well):
- Your ISP and approximate location (closest metropolitan area is enough)
- The output of https://test.nextdns.io
I only have the "oisd full" list enabled, and enabled all the switches on the Security, Privacy and Settings pages.
When disabling NextDNS they load instantly, so it must be NextDNS related, but no blocks appear in the logs. After trying a lot, switching everything off and on multiple times, it seems that disabling "Block Dynamic DNS Hostnames" works for me. Support pages and iCloud.com load fine now. I only tried it for a short time, so I can't say whether it will continue to work.
But it is clear that there is something not okay with NextDNS enabled.
Thank you for posting. I have the same issue with App Store / Apple Music / iTunes, and it prevents most Apple connected devices (except one) from functioning.
For instance, two brand new HomePod Mini speakers fail to connect to Apple Music and iTunes on Apple TV.
I've exhausted every possible combination of troubleshooting steps that I could muster, but to no avail.
I also wanted to share some relevant info.
Just to be explicit, I experienced **the “update all [apps]” button not working as expected in App Store**. The app update indicator keeps spinning and spinning and eventually stops, not having updated anything. Confusingly, one can update single apps one by one manually, but not via the update all app.
I also started with my filters, but there wasn’t really anything special going on besides an occasional ad query coming from inside the App Store (so I assume); changing the filters did not fix the problem.
I stumbled on (older) references to EDNS under the config\performance, where I started to experiment with different combinations of these switches.
! Warning for skimmers: messing with these DNS settings will take at least 5 minutes to propagate so the DNS cache records expire, so your changes will not always affect your device in real time.
My working hypothesis is that the switch *Cache-boost* can be a workaround. What the *true* reason for this relatively new undesired (iOS) behaviour is remains to be seen, but turning off the cache boost resulted in me being able to update-all apps again.
I use the app and have a dedicated profile for iOS devices.
If you choose to test, do this:
Put everything the way you like again. All bells and whistles you no Apple domain in exception or block list.
**Disable cache-boost**; you may leave EDNS and flattening enabled.
In my case I had the beta threat intelligence disabled.
Set a timer for 5 minutes and wait.
After 5 minutes, go to the App Store. Touch your initials, drag down to refresh the update page. Press update all.
I have witnessed success a few times, but it is limited to the number of devs pushing new updates. **I need more data**. Feel free to share.
Hopefully this helps and aids NextDNS in figuring out what is going on.
P.S. Cache-boost is a good feature because a TTL of 5 seconds has downsides, but in this case - for assumed fixing purposes - I accept it disabled. I do not recommend this for shared NextDNS profiles for other devices, only for test-fixing iOS.
Do you have a position on IPv4 and IPv6 in relation to this topic? Would this behaviour be explained by not having IPv6 IPs assigned to clients? (tv.apple.com resolves to 4 AAAA records and 1 A record.)
Feel free to ignore if irrelevant, just trying to get more info shared.
I can see one of the posters has an IPv6 address in the test output, so this might be one we can exclude in "House's differential diagnosis".
@NextDNS exactly the same issue. Me and some of my friends who also use NextDNS are about to leave NextDNS as well.
Every solution seems not to work, and this has been ongoing for at least 2-3 months now. It gets way too annoying.
NextDNS, please fix it. I loved how it works, and this is gonna cost you guys a huge amount of users.
Perhaps the NextDNS app can be expanded with an additional feedback mechanism? Or perhaps even local logs to consult. It is hard to debug.
As a test, nowadays, in the iOS NextDNS app, I switch off the custom ID switch, effectively disabling most of the custom configuration, but keeping NextDNS DOH on.
No conclusive results yet.