Private DNS server cannot be accessed when switching to Mobile (Bell Canada)

I have a Samsung S24 Ultra (this same thing was happening on my S23 Ultra as well). It is set up with Private DNS (netid.dns.nextdns.io). I've also tried with a hostname at the start (phone.netid.nextdns.io). I'm on Bell Mobility in Canada.

Quite often when I leave the house (mind you, it's not every time) I will find after a while that the connection isn't working. No site will come up, mail not received, no notifications. Upon investigation, the private DNS will read "Private DNS server cannot be accessed". If I flip it to automatic or none, it will immediately start working again. And when I flip it back to Private DNS, it will continue working.

I can't seem to nail down why this is happening.

A friend, same phone, also with NextDNS has no problems. The only thing I can find different in our setups is he's on a different cellular provider.

Not sure what to try next to troubleshoot. 

25 replies

    • R_P_M
    • 7 mths ago

    Well, going on what you’ve said it’s most likely to be your cellular network provider that’s at fault. Seeing as you mentioned your friend with same setup on a different network works ok. 

      • Andy_Serwatuk
      • 7 mths ago

       That's fair.. but.. what would it be that the Cell provider is doing/blocking that could be the culprit?
      I'm happy to go toe to toe with their support team, but I'm not sure what I should be pointing at.

      • R_P_M
      • 7 mths ago

       Hmm… Not really sure what the exact lock out could be caused by. Could be some sort of connection timeout if no provider dns usage?

      There’s one thing you could try and that’s to use an app to get a DoH connection to NextDNS. If that also suffers the same problem then it could be some timeout condition being implemented. If it works constantly, then there’s some sort of restriction to DoT on the network. 
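
Added example, not part of the original post: a Python sketch of the DoT-versus-DoH comparison suggested in the reply above. It probes a resolver over DoT (TCP 853, what Android Private DNS uses) and DoH (HTTPS on 443) and reports the stage at which DoT fails; the function names and stage labels are assumptions made for illustration.

```python
import socket, ssl, struct, urllib.request

def build_query(name, txid=0x1234):
    """Wire-format DNS query (RFC 1035) for an A record, recursion desired."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def frame_dot(msg):
    """DoT (RFC 7858) uses DNS-over-TCP framing: 2-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg

def probe_dot(host, timeout=5.0):
    """Return 'ok' or the stage where DoT to host:853 failed."""
    try:
        raw = socket.create_connection((host, 853), timeout=timeout)
    except socket.gaierror:
        return "resolve"          # the resolver's own hostname did not resolve
    except OSError:
        return "tcp"              # port 853 filtered, reset or timed out
    try:
        tls = ssl.create_default_context().wrap_socket(raw, server_hostname=host)
    except OSError:               # includes ssl.SSLError and handshake timeouts
        return "tls"
    with tls:
        try:
            tls.sendall(frame_dot(build_query("example.com")))
            return "ok" if len(tls.recv(2)) == 2 else "dns"
        except OSError:
            return "dns"          # session established but no framed answer came back

def probe_doh(url, timeout=5.0):
    """True if an RFC 8484 POST to `url` returns HTTP 200."""
    req = urllib.request.Request(url, data=build_query("example.com", txid=0),
                                 headers={"Content-Type": "application/dns-message"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status == 200
    except OSError:               # URLError and HTTPError are OSError subclasses
        return False

def diagnose(dot_stage, doh_ok):
    """Apply the reasoning from the reply above to one pair of probe results."""
    if dot_stage == "ok":
        return "DoT reachable right now; repeat the probe when the phone shows the error"
    if doh_ok:
        return f"DoT fails at stage '{dot_stage}' while DoH works: DoT restricted on this network"
    return "DoT and DoH both fail: not DoT-specific (timeout or general connectivity)"
```

Run `diagnose(probe_dot(host), probe_doh(url))` from a device tethered to the affected network, using the resolver's own DoT hostname and DoH URL, and compare the result with the same call made over Wi-Fi.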

    • Mistahgreen
    • 6 mths ago

    Confirming the same issue with AT&T in the USA. Using the same setup with Android Private DNS DoT NextDNS setup. 

    • Andy_Serwatuk
    • 6 mths ago

    Quick update. 
    I switched over to ControlD. Having, overall, far fewer problems than with NextDNS.

    No problems on the android, and my local network is much happier too. 

    • Mistahgreen
    • 6 mths ago

    I tried just doing Android Private DNS with Quad 9 (over TLS) and I still got the Private DNS Server Cannot Be Accessed error. It can't be a NextDNS problem if multiple endpoints are throwing the same error. It has to be an Android/Samsung specific issue. Just my thoughts...

      • Andy_Serwatuk
      • 6 mths ago

       but if it happens with NextDNS and not ControlD on the same phone, then it's not likely to be Android. 

      • NextDNs
      • 6 mths ago

       it is likely an issue with a domain blocked by one of the blocklists you enabled on this profile. Did you check the logs for blocked domains on this device?

      • Andy_Serwatuk
      • 6 mths ago

       What domain would I be checking?
      I'm not sure this would make sense since the error is that it can't reach the NextDNS DNS server over Private DNS. So, a blocklist wouldn't even be in play at this point since it can't reach the DNS server in order to query it.

       

      Which actually leads me to another issue I've had with NextDNS is my IoT network doesn't behave very well with NextDNS. Despite there being nothing in the logs (blocks or even queries) from IoT devices, they just don't work well at all. But the minute I put them on ControlD they worked flawlessly and responsively.

      I've just had too many problems with NextDNS that I can't seem to solve or even find workarounds... and ControlD worked instantly.

      • Mistahgreen
      • 6 mths ago

      without doing a like for like comparison with the same exact block lists it would be hard to say. I have tried Quad 9, NextDNS and Control D and all have given me the same issue now. I'm going to try a NextDNS profile that blocks nothing and share my results. It would be awesome if we could isolate it down to Samsung giving a silly error message for a blocked domain. Then we can just go on the hunt in the logs for a blocked domain. I have no proof but I feel strongly that the error message only comes up when a domain is blocked. I don't think it's a routing problem with getting traffic to egress. I might be totally wrong. But...let's give it a shot? 

      • Mistahgreen
      • 6 mths ago

      & Andy - Interesting findings. Using a NextDNS config with no Blocklists (but other settings turned on in the Security Tab) I got no "Network has no internet access" errors while connected to Wifi. Immediately as I switched over to ATT's cellular network, the error messages started coming in (frequently) and the NextDNS logs show no blocked domains.

      I'm stuck. It seems to be an ATT issue/cellular network issue now? Hard to pin it down, but I think that it's a port/protocol block or rate limit on the ATT side.

      Current test is while still on the ATT Cellular network, switch to dns.quad9.net and watch for the error notification. This would help to prove that ATT is blocking requests to NextDNS.

      A Few Moments Later...

      Error message came up! So it's now either ATT or Samsung doing something dodgy. My iPhone friends are complaining so I think it's Samsung. Would love to see other people comment here...

      • Andy_Serwatuk
      • 6 mths ago

       I'm more than happy to help out, but my NextDNS subscription has now lapsed. If there's something I can still do, let me know.

      I'm still not exactly sure how the block list comes into this. I'll try to describe the scenario again, just for clarity.

      Scenario 1 : Samsung Phone configured with Private DNS pointed at NextDNS

      1. When connected to home wifi, which has NextDNS on the whole network, it connects fine, no errors.
      2. When I switch to Mobile data or another Wifi network, I will get an error that Private DNS server cannot be reached. To resolve I switch Private DNS to "Automatic" or "Off", internet connectivity is restored, and then I can turn Private DNS back on and pointed to NextDNS. It will not work at all until I perform these steps or reconnect to home wifi.

      Scenario 2 : Samsung Phone configured with Private DNS pointed at ControlD

      1. When connected to home wifi, which has ControlD on the whole network, it connects fine, no errors.

      2. When I switch to mobile data or another Wifi network, it connects fine, no errors.

       

      So, given that the issue is that my Private DNS configuration can't connect to NextDNS, I fail to see how the blocklist provided by NextDNS could be the issue. And since it works with ControlD on the same phone without issue, then I fail to see how it could be a Samsung/Android issue.
       

      • Mistahgreen
      • 6 mths ago

      Totally agree with you...I'm sad we aren't having the same exact issues. For me, Quad9, ControlD and NextDNS are throwing the Cannot Connect Error via Private DNS. Wifi or Cellular is the same behavior.

      • Andy_Serwatuk
      • 6 mths ago

       I have heard that there were cellular providers that were blocking the use of DoH. Bell Canada wasn't one of them, which is why I was investigating the issue.

      That is weird that you're getting it for all of them though... and on both networks.

      • Mistahgreen
      • 6 mths ago

      just curious. Do you have a work Profile on your device? I have a feeling that the work profile is doing something weird with respect to the Resolver choice. For testing I've turned off my Work Profile today (Saturday May 25 2024). I've gotten the Private DNS Server Cannot Be Accessed error exactly 0 times. 

      • Andy_Serwatuk
      • 6 mths ago

       I do have a work profile.
      I'm not able to test with NextDNS anymore as my subscription expired. But let me know how it goes.

      • Mistahgreen
      • 6 mths ago

      it's working perfectly fine with the work profile turned off. Turn it on and you start to get the intermittent errors. 

    • Alan.3
    • 6 mths ago

    I'm having similar issues on two different devices (s24 plus and s10 plus), except this happens even without switching networks. Only happens on wifi after being connected for a while- mobile data works constantly. Turning off NextDNS or switching to data and back to wifi resolves the issue instantly. My S10 Plus used to be my daily device and it works well until now, so something on NextDNS' end is messed up from my guess.

      • Mistahgreen
      • 6 mths ago

      do you have a work Profile? 

      • Alan.3
      • 6 mths ago

       nope. But I tested out controld as Andy did and it works flawlessly.

    • Yegor
    • 4 mths ago

    This is gonna sound weird, I'm from Control D and we've been troubleshooting this exact issue... except in reverse where people say this happens with Control D, and when they switch to NextDNS the problem goes away.  

    Wanna collab on the troubleshooting? We've spent days on this and can't seem to figure out the cause except that it somehow relates to CGNAT on some cell networks. 

    Using DOH (via app) solves the issue too. 

      • Mistahgreen
      • 4 mths ago

      I am still fervently believing that the issue is with a Work Profile being used for Android devices. I turned off my Work Profile on my Samsung Galaxy S23 Ultra and the issues disappear immediately. As soon as I turn it back on, it's a flood of errors. You mention Carrier Grade NAT, how so? Are there really mobile providers out there today not using v6?

      • Yegor
      • 4 mths ago

       Interesting insight, we'll look into that, although it doesn't explain random behavior with different DNS providers, all using the same protocol. 

      Yes, there are many ISPs out there who don't support IPv6. 2 reports we're troubleshooting don't. 

      • Yegor
      • 4 mths ago

      Several users confirmed this is NOT the issue, as they're not using work profiles. 

      • Alan.3
      • 4 mths ago

       Are you able to pinpoint which phones these users are using? A quick Google search might show that it seems to be something related to the S23/S24 series. This doesn't explain why this happened to my S10+, however I did notice this issue began after I transferred my data from the S10+ to my S24+, also my issue MIGHT be different as this issue occurred to me only under a Wifi connection and not a mobile data connection (I did not see any drops in WiFi).

       

      Again, it all works perfectly well when Private DNS isn't set or when I'm using ControlD. I can't offer any more advice as I'm not an expert in this field, 
