9

Many Apple properties work only after repeated attempts

Since around two weeks, many requests to Apple properties (App Store, Apple Music etc.) fail resulting in “Connection to App Store failed” messages, podcasts that won’t download etc. 

The logs do not show any blocked requests. Enabling or disabling blocklists and other features seem to have no real effect. Explicitly whitelisting tens of Apple (sub)domains also does not solve the problem.

If a site or service fails to load, I retry many times. Sometimes by the 5th, sometimes by the 50th try the requests succeeds. Sometimes even retries do not help.  

One method that always works is disabling NextDNS. From that moment onwards, requests to Apple services resume to work immediately. 

On Reddit I’ve seen multiple people reporting the same issue: https://reddit.com/r/nextdns/comments/vqi7zz/issues_reaching_apple_services_like_app_store/

52 replies

null
    • NextDNs
    • 2 yrs ago
    • Official response
    • Reported - view

    For anyone encountering this issue (Apple domains failing, nothing blocked in the logs), could you try the following and report back here?

    1. Switch temporarily to a no-profile DNS endpoint (https://dns.nextdns.io, dns.nextdns.io or 45.90.28.0/45.90.30.0).

    2. If you're still getting the issue with 1., try setting up Quad9 (9.9.9.9).

    Could you also share the following (ideally here, but privately is fine as well)

    - Your ISP and approximate location (closest metropolitan area is enough)

    - The output of https://test.nextdns.io

      • Leo_Kennis
      • 2 yrs ago
      • Reported - view

      NextDNS in all my “tinkering” so far this setting did not seem to have an effect. 
       

      This evening I tried to test a little more methodically: first basically disable everything, then one by one enable block lists and features. And so far it seems that disabling “Threat Intelligence Feeds” seems to bring the most improvements.

      But as the issue is not constant (i.e. even with Threat Intelligence Feeds on, after some retries stuff like the App Store does load) I’m not 100% convinced yet. 

      • NextDNs
      • 2 yrs ago
      • Reported - view

      Leo Kennis We have updated our response with some debugging steps that would help us isolate the issue, could you check it out?

      • Leo_Kennis
      • 2 yrs ago
      • Reported - view

      NextDNS Hi, 1 I’ll try later today. With 2 (Quad9) there is no issue and everything works. 
      Since disabling Threat Intelligence Feeds yesterday I have seen less issues overall.

      My ISP is Ziggo and I live in Arnhem, The Netherlands. 
      Output of test:

      {
      "status": "ok",
      "protocol": "DOH",
      "profile": "fpf10a092a2c867e8f",
      "client": "31.151.45.99",
      "srcIP": "31.151.45.99",
      "destIP": "95.179.134.211",
      "anycast": false,
      "server": "vultr-ams-1",
      "clientName": "nextdns-ios",
      "deviceName": "iPhone van Leo",
      "deviceID": "5OPR6",
      "deviceModel": "Apple iPhone14,3"
      }
      • Abdul_Rehman
      • 2 yrs ago
      • Reported - view

      Tried all, works everywhere expect when using NextDNS. Service provider Mobily, Jeddah KSA

       

      "status": "ok",
      "protocol": "DOH",
      "profile": "fp6931c7554048953d",
      "client": "31.167.37.163",
      "srcIP": "31.167.37.163",
      "destIP": "185.140.251.24",
      "anycast": false,
      "server": "navico-ruh-1",
      "clientName": "dnscrypt"
      }

       

      NextDNS 

      • Abe_Moss
      • 2 yrs ago
      • Reported - view

      Abdul Rehman you're using a DNSCrypt client according to the test results you'd posted. 

      • Abdul_Rehman
      • 2 yrs ago
      • Reported - view

      Hi Abe Moss 

      Yes, noticed that i turned off everything in security and the DOH is setup on Firewalla with all others DOH off only Nextdns, looking up at the my nextdns it shows I am connected to it, and all App Store issues are gone. Will see turning one by one the security back up and see which one is causing the issue if it doesn’t pop up here on this thread. 

      • Leo_Kennis
      • 2 yrs ago
      • Reported - view

      NextDNS hi, has there been any progress in investigating this issue so far?

      • revue_2_presse
      • 10 mths ago
      • Reported - view
      • mmir
      • 9 mths ago
      • Reported - view

       Can you please look into this issue? This keeps coming back. The app store doesn't load and immediately loads if I switch off NextDNS in the app or I use any other DNS server. As asked by you: 

      Location: Dubai, UAE
      Results:

      {
      "status": "ok",
      "protocol": "DOH",
      "profile": "fpb418e2f98ed6d7ef",
      "client": "87.200.41.188",
      "srcIP": "87.200.41.188",
      "destIP": "37.252.245.241",
      "anycast": false,
      "server": "anexia-dxb-1",
      "clientName": "nextdns-ios",
      "deviceName": "iPhone",
      "deviceID": "2GMDP",
      "deviceModel": "Apple iPhone16,2"
      }
      • mmir
      • 9 mths ago
      • Reported - view

      Any luck with this issue? It is still happening and all Apple services on my ATV's and devices are affected. Don't see anything in the logs suggesting any blocks too. Here is the result from test.nextdns.io for today:

      {
      "status": "ok",
      "protocol": "DOH",
      "profile": "fpb418e2f98ed6d7ef",
      "client": "87.200.41.188",
      "srcIP": "87.200.41.188",
      "destIP": "37.252.245.241",
      "anycast": false,
      "server": "anexia-dxb-1",
      "clientName": "nextdns-ios",
      "deviceName": "iPhone",
      "deviceID": "2GMDP",
      "deviceModel": "Apple iPhone16,2"
      }
    • Michael_Nieuwstraten
    • 2 yrs ago
    • Reported - view

    I don't know if this is related, but I couldn't reach multiple pages on the web. Apple support pages like this one, for example. iCloud.com wouldn't load as well..

    I only have "oisd full" list enabled, enabled all the switches on the Security, Privacy and Settings pages.

    When disabling NextDNS they load instantly, so it must be NextDNS related but no blocks appear in the logs. After trying a lot, switching everything off and on multiple times it seems that disabling the "Block Dynamic DNS Hostnames" works for me. Support pages and iCloud.com load fine now. Only tried it a short time so I can't wether it will continue to work.

    But it clear that there is something not okay with NextDNS enabled..

      • Michael_Nieuwstraten
      • 2 yrs ago
      • Reported - view

      Disabling "Block Dynamic DNS Hostnames" didn't work as expected. Apple pages stopped loading again.. But good to know: App Store and Apple Music loads perfectly fine on my side. It only happens with Support pages on support.apple.com and iCloud.com. (so maybe it's not entirely related)

      I tried step 1 from @NextDNS post and it started to load immediately, but still a bit slower than without NextDNS (DNS from ISP).  Changing it to Quad9 it loads as fast as my ISP DNS.

      The strangest thing is, sometimes it does work sometimes it doesn't..

      My ISP is also Ziggo, located near Rotterdam, NL.

      {
      "status": "ok",
      "protocol": "DOH",
      "profile": "fp430c5cffa76eecc3",
      "client": "2001:1c02:1504:4000:45cc:*:*:*",
      "srcIP": "2001:1c02:1504:4000:45cc:*:*:*",
      "anycast": false,
      "server": "vultr-ams-1",
      "clientName": "nextdns-mac",
      "deviceName": "MacBook Pro van Michael",
      "deviceID": "FIJRU",
      "deviceModel": "Apple MacBookPro18,3"
      }
      
      • Michael_Nieuwstraten
      • 2 yrs ago
      • Reported - view

      Update:

      Unfortunately disabling "Block Dynamic DNS Hostnames" didn't resolve it.. Couldn't sign in to beta.apple.com and couldn't find any iOS and macOS updates.. Disabling NextDNS resolved this immediately. It doesn't matter what I disable on my.nextdns.io, nothing seems to work. Sometimes it works, most of the times it doesn't.

    • Abe_Moss
    • 2 yrs ago
    • Reported - view

    Thank you for posting. I have the same issue with App Store / Apple Music / iTunes, and it prevents most Apple connected devices (except one) from functioning

    For instance, two brand new HomePod Mini speakers fail to connect to Apple Music and iTunes on Apple TV. 

    I've exhausted every possible combination of troubleshooting steps that I could muster, but to no avail.

      • NextDNs
      • 2 yrs ago
      • Reported - view

      Abe Moss We have updated our response with some debugging steps that would help us isolate the issue, could you check it out?

      • Abe_Moss
      • 2 yrs ago
      • Reported - view

      NextDNS 

      I don't achieve any success via disabled "Threat Intel Feeds", nor any other blacklists for that matter. 

      The only solution so far is to blow away the NextDNS profile on the Apple TV 4K device. 

      The device functions as intended with Quad9, Cloudflare, and a couple of other 3rd party DNS provider's settings manually plugged in.

      My ISP is AT&T (the Gigabit Fiber internet access).

      The Apple TV console is hooked directly into AT&T's Nokia Gateway via CAT7 Ethernet cable, and the connection is the most reliable I've had anywhere in the US (residential setting).

      I'm currently in Greenville, SC.

      Thank you!

    • Christiaan_Slim
    • 2 yrs ago
    • Reported - view

    Same here. Also Ziggo/Vodafone. 1.1.1.1 and 9.9.9.9 work fine. Also switching to cellular data (with NextDNS enabled) instantly fixes the issue. 
     

    Update: same is true for enabling VPN (with DNS via NextDNS).

      • Michael_Nieuwstraten
      • 2 yrs ago
      • Reported - view

      Christiaan Slim Exactly the same over here. Could it have something with Ziggo?

      • Leo_Kennis
      • 2 yrs ago
      • Reported - view

      Michael Nieuwstraten Ziggo is a common factor but so is NextDNS…seems they don’t interact as they should. 

      • Michael_Nieuwstraten
      • 2 yrs ago
      • Reported - view

      Leo Kennis Does disabling "AI-driven threat detection" helps in loading? I tried many things and this one gave me the best (but still not perfect) results, just curious.

      • Leo_Kennis
      • 2 yrs ago
      • Reported - view

      Michael Nieuwstraten For me, in order of effectiveness:

      1. Disabling NextDNS: prevents 100% of issues
      2. Disabling  “Threat Intelligence Feeds”: prevents 75% of issues
      3. Disabling other features, blocklists, whitelisting: prevents <1% of issues
    • Peter_Hartman
    • 2 yrs ago
    • Reported - view

    Glad I found this topic. Same for me using KPN in Amsterdam region. When using NextDNS I have extreme difficulty reaching anything iTunes store or App store related.  Tried all settings but nothing works (except disabeling NextDNS).  I am going to cancel my NextDNS subscription because....

    • Leo_Kennis
    • 2 yrs ago
    • Reported - view

    @NextDNS Any news on this topic?

    • TechFan
    • 2 yrs ago
    • Reported - view

    Hello everyone,

    I also wanted to share some relevant info.

    Just to be explicit, I experienced **the “update all [apps]” button not working as expected in App Store**. App-update-indicator keep spinning and spinning and eventually stop not having updated anything. Confusingly, one can update single apps one by one manually, but not via the update all app. 😶

    I also started with my filters, but there wasn’t really going on anything special besides an occasional ad query coming from inside the App Store (so I assume), changing the filters did not fix the problem.

    I stumbled on (older) references to EDNS under the config\performance where I started to experiment with different combinations of these switches.

    ! Warning for skimmers: messing with these dns settings will take at least 5 minutes to propagate so the dns cache records expire so your changes will not always effect your device real-time.

    My working hypothesis is that the switch *Cache-boost* can be a work around. What the *true* reason for this relative new undesired (iOS) behaviour is, remains to be seen, but turning off the cache boost resulted in me being able to update-all apps again.

    I use the app and have a dedicated profile for iOS devices.

    If you choose to test, do this:

    Put everything the way you like again. All bells and whistles you no Apple domain in exception or block list.

    **Disable cache-boost**; you may leave edns and flattening enabled. 

    In my case I had the beta threat intelligence disabled.  
     

    Set a timer for 5 minutes and wait.

    After 5 minutes, go to app store. Touch your initials, drag down to refresh update page. Press update all. 
     

    I have witnessed succes a few times, but it is limited to the number of devs pushing new updates. **I need more data**. Feel free to share.

    Hopefully this helps and aid NextDNS in figuring out what is going on. ✌️

    P.s. Cache-boost is a good feature because TTL of 5 seconds have downsides, but in this case - for assumed fixing purposes - I accept it disabled. I do not recommend this for shared NextDNS-profiles for other devices, only for test-fixing iOS. 
     

Content aside

  • 9 Likes
  • 7 mths agoLast active
  • 52Replies
  • 2087Views
  • 18 Following