Microsoft website not loading with Anonymized EDNS

Microsoft.com sites are not accessible when the "Anonymized EDNS Client Subnet" option is enabled (Thank you for your patience. We are currently experiencing high demand. Please wait and try again later).
Microsoft sites are accessible when the option is disabled, but other addresses like google.com get very high latency.

6 replies

    • BigDargon
    • 2 mths ago

    Temporarily disable EDNS. I have a report here but it hasn't been fixed yet https://help.nextdns.io/t/g9yqzgr

      • Jardel
      • 2 mths ago

      In your case, when you disable it you have low latency. My case is a little different: when I disable it, I get high latency for Google and other services. I have to decide between Microsoft and Google, I can't have the best of both :(

      I'm on a NextDNS annual plan, but I'm sorry, there are long-standing unresolved issues as well as latency issues when selecting the right NextDNS server. I have only encountered problems in these 6 months as a NextDNS customer.

      • BigDargon
      • 1 mth ago

      You need to provide more details, like a diag and a traceroute to the server before and after enabling EDNS. Otherwise, it is difficult for the NextDNS devs to reproduce and fix it.

      • Jardel
      • 1 mth ago

       

      Today I am unable to access www.microsoft.com even after deactivating EDNS. I've already tried restarting the entire network and the computer, and clearing caches. Still, I am able to access it with ISP and public DNS (Quad9, OpenDNS, Cloudflare...).

      My diag: https://nextdns.io/diag/bf837d60-fbfc-11ee-8fba-3f659a5b826d

      Note that IPv4 nextDNS routing is regular, it is not the fastest, but it is in a nearby location. As for IPv6 routing, it connects in Miami. Why doesn't IPv6 route within Brazil? The best latency for me is always in Curitiba (edgeuno-cwb) and the shortest geographic distance is Porto Alegre (edgeuno-poa).

      Primary IPv4 should always choose edgeuno-cwb (11ms), as the latency in edgeuno-poa is much higher (66ms).
      Also primary IPv6 should be edgeuno-cwb.

      MTR with NEXTDNS (EDNS enabled and disabled):

      |------------------------------------------------------------------------------------------|
      |                                      WinMTR statistics                                   |
      |                       Host              -   %  | Sent | Recv | Best | Avrg | Wrst | Last |
      |------------------------------------------------|------|------|------|------|------|------|
      |  2804:d57:5008:8f00:420e:f3ff:fe60:4a16 -    0 |   38 |   38 |    0 |    0 |    0 |    0 |
      |                       2804:d50:2:f000:: -    0 |   38 |   38 |    3 |   34 |  327 |    3 |
      |                      Request timed out. -  100 |    7 |    0 |    0 |    0 |    0 |    0 |
      |                     2804:d50:80:900d::2 -   40 |   15 |    9 |    0 |   16 |   17 |   16 |
      |                      Request timed out. -  100 |    7 |    0 |    0 |    0 |    0 |    0 |
      |             2800:6e0:200:41:41:1214:0:c -    0 |   38 |   38 |  129 |  129 |  129 |  129 |
      |                      2800:6e0:0:1::23:6 -    0 |   38 |   38 |  149 |  149 |  150 |  149 |
      |                      Request timed out. -  100 |    7 |    0 |    0 |    0 |    0 |    0 |
      |vlan101.r13.spine101.mia02.fab.netarch.akamai.com -    0 |   38 |   38 |  132 |  133 |  135 |  133 |
      |vlan113.r03.leaf101.mia02.fab.netarch.akamai.com -    0 |   38 |   38 |  144 |  144 |  147 |  144 |
      |vlan103.r12.tor101.mia02.fab.netarch.akamai.com -    0 |   38 |   38 |  130 |  130 |  131 |  131 |
      |g2600-1403-c400-0683-0000-0000-0000-356e.deploy.static.akamaitechnologies.com -    0 |   38 |   38 |  145 |  145 |  147 |  145 |
      |________________________________________________|______|______|______|______|______|______|

      MTR with Another DNS:

      |------------------------------------------------------------------------------------------|
      |                                      WinMTR statistics                                   |
      |                       Host              -   %  | Sent | Recv | Best | Avrg | Wrst | Last |
      |------------------------------------------------|------|------|------|------|------|------|
      |  2804:d57:5008:8f00:420e:f3ff:fe60:4a16 -    0 |   26 |   26 |    0 |    0 |    0 |    0 |
      |                       2804:d50:2:f000:: -    0 |   26 |   26 |    3 |  118 | 1226 |    3 |
      |                      Request timed out. -  100 |    5 |    0 |    0 |    0 |    0 |    0 |
      |                      Request timed out. -  100 |    5 |    0 |    0 |    0 |    0 |    0 |
      |                      Request timed out. -  100 |    5 |    0 |    0 |    0 |    0 |    0 |
      |                     2804:d40:80:b00e::2 -    0 |   26 |   26 |   17 |   17 |   17 |   17 |
      |    ae1.r02.gru01.icn.netarch.akamai.com -    0 |   26 |   26 |   16 |   21 |   44 |   27 |
      |    ae6.r02.poa01.ien.netarch.akamai.com -    0 |   26 |   26 |   33 |   36 |   60 |   34 |
      |ae5.r02.border.poa01.sdn.netarch.akamai.com -    0 |   26 |   26 |   31 |   40 |   74 |   32 |
      |vlan102.r04.spine.poa01.sdn.netarch.akamai.com -    0 |   26 |   26 |   31 |   31 |   32 |   31 |
      |vlan104.r01.tor.poa01.sdn.netarch.akamai.com -    0 |   26 |   26 |   31 |   31 |   32 |   31 |
      |g2600-1419-3e00-018e-0000-0000-0000-356e.deploy.static.akamaitechnologies.com -    0 |   26 |   26 |   35 |   35 |   38 |   35 |
      |________________________________________________|______|______|______|______|______|______|

      Note that with NextDNS, Microsoft.com connects to Akamai in Miami (USA), while other DNS connects to Akamai in Porto Alegre (Brazil).

      I also noticed that configuring only Windows 11 with DoH (IPv4 + IPv6) causes DNS leaks in browsers:
       

      But if I configure the browser with the same DoH, then no leakage occurs, and NextDNS also gets a better location (edgeuno-poa/Porto Alegre) and no longer (anexia-mia/Miami-USA):
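
Added example, not part of the original thread: a small parser for WinMTR text reports that makes the before/after comparison requested above repeatable. It pulls the Akamai site labels (such as `mia02` or `poa01`) and the last hop's average latency from each run. The rows are copied, abridged, from the two tables in the post; the function and variable names are this example's own.

```python
import re

# Rows copied (abridged) from the two WinMTR tables in the post above;
# the variable names are this example's own.
NEXTDNS_RUN = """\
|  2804:d57:5008:8f00:420e:f3ff:fe60:4a16 -    0 |   38 |   38 |    0 |    0 |    0 |    0 |
|                      Request timed out. -  100 |    7 |    0 |    0 |    0 |    0 |    0 |
|vlan103.r12.tor101.mia02.fab.netarch.akamai.com -    0 |   38 |   38 |  130 |  130 |  131 |  131 |
|g2600-1403-c400-0683-0000-0000-0000-356e.deploy.static.akamaitechnologies.com -    0 |   38 |   38 |  145 |  145 |  147 |  145 |
"""
OTHER_DNS_RUN = """\
|  2804:d57:5008:8f00:420e:f3ff:fe60:4a16 -    0 |   26 |   26 |    0 |    0 |    0 |    0 |
| ae1.r02.gru01.icn.netarch.akamai.com - 0 | 26 | 26 | 16 | 21 | 44 | 27 |
|vlan104.r01.tor.poa01.sdn.netarch.akamai.com -    0 |   26 |   26 |   31 |   31 |   32 |   31 |
|g2600-1419-3e00-018e-0000-0000-0000-356e.deploy.static.akamaitechnologies.com -    0 |   26 |   26 |   35 |   35 |   38 |   35 |
"""

# Columns: Host - loss% | Sent | Recv | Best | Avrg | ...
ROW = re.compile(r"^\|\s*(?P<host>.+?)\s+-\s+(?P<loss>\d+)\s*\|"
                 r"\s*(\d+)\s*\|\s*(\d+)\s*\|\s*(\d+)\s*\|\s*(?P<avg>\d+)\s*\|")
# Akamai router names on the page carry a site label such as mia02 or poa01.
SITE = re.compile(r"\.([a-z]{3}\d{2})\.[a-z]+\.netarch\.akamai\.com$")

def summarize(report):
    """Return (site labels in path order, avg ms of the last responding hop)."""
    sites, last_avg = [], None
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if not m or m["host"].startswith("Request timed out"):
            continue  # header, ruler, or a hop that never answered
        site = SITE.search(m["host"])
        if site and site[1] not in sites:
            sites.append(site[1])
        last_avg = int(m["avg"])
    return sites, last_avg

def compare(run_a, run_b):
    """Sites seen in each run and the final-hop latency difference (a - b)."""
    sites_a, avg_a = summarize(run_a)
    sites_b, avg_b = summarize(run_b)
    return {"a_sites": sites_a, "b_sites": sites_b, "delta_ms": avg_a - avg_b}

if __name__ == "__main__":
    print(compare(NEXTDNS_RUN, OTHER_DNS_RUN))
```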

      • BigDargon
      • 1 mth ago

      If you use DNS IP 45.90.28.x/45.90.30.x, then you always connect to an anycast server, which may be remote or not routed well. Ultralow servers are located in or near your country. Ultralow servers are only available when you use encrypted DNS. https://help.nextdns.io/t/83y6qqw#83y6hlb

      • Jardel
      • 1 mth ago

      I always use DoH on Windows 11 and DoT on Android 13.
       

       
