1

Android can't connect to private DNS service sometimes

it keeps stopping and coming back minutes or hours later, Adguard DNS works fine so that's probably a nextDNS issue

3 replies

null
    • philwo
    • 4 days ago
    • Reported - view

    I'm also seeing this on my side regularly, since a few weeks and couldn't figure out what might cause it yet. It happens even when connected via the mobile phone network, so it doesn't seem to be due to any issue on my home Wi-Fi.

    Today, I looked into another issue, where DNS requests via NextDNS sometimes hang on my Linux router and connected clients. It seems that the IPv6 addresses hosted at "zepto-tyo" sometimes don't answer HTTPS nor pings. Running the diag script during such a moment showed the following output. Intestingly, the problem always seems to fix itself after a few minutes, but regularly comes back multiple times a day.

    I wonder if this is the same root cause, and when Android randomly picks the non responding IPv6 address for checking whether private DNS works, it shows the error, whereas when it picks the other one, it works.

    $ host dns.nextdns.io
dns.nextdns.io is an alias for steering.nextdns.io.
steering.nextdns.io has address 103.170.232.254
steering.nextdns.io has address 167.179.109.118
steering.nextdns.io has IPv6 address 2a0b:4341:b02:166:5054:ff:fe53:ab1
steering.nextdns.io has IPv6 address 2001:19f0:7001:5e19:5400:2ff:fec8:7b5a

$ sh -c 'sh -c "$(curl -s https://nextdns.io/diag)"'
Testing IPv6 connectivity
  available: true
Fetching https://test.nextdns.io
  status: ok
  client: 240b:11:3042:[...]
  protocol: UDP
  dest IP:
  server: vultr-tyo-1
Fetching PoP name for ultra low latency primary IPv4 (ipv4.dns1.nextdns.io)
  zepto-tyo: 39.293ms
Fetching PoP name for ultra low latency secondary IPv4 (ipv4.dns2.nextdns.io)
  vultr-tyo: 6.832ms
Fetching PoP name for anycast primary IPv4 (45.90.28.0)
  zepto-tyo: 34.238ms
Fetching PoP name for anycast secondary IPv4 (45.90.30.0)
  vultr-tyo: 6.878ms
Fetching PoP name for ultra low latency primary IPv6 (ipv6.dns1.nextdns.io)
Fetch error: Get "https://dns.nextdns.io/info": dial tcp [2a0b:4341:b02:166:5054:ff:fe53:ab1]:443: connect: connection timed out
Fetching PoP name for ultra low latency secondary IPv6 (ipv6.dns2.nextdns.io)
  vultr-tyo: 8.63ms
Fetching PoP name for anycast primary IPv6 (2a07:a8c0::)
Fetch error: Get "https://dns.nextdns.io/info": dial tcp [2a07:a8c0::]:443: connect: connection timed out
Fetching PoP name for anycast secondary IPv6 (2a07:a8c1::)
  vultr-tyo: 5.905ms
Pinging PoPs
  zepto-tyo: 6.312ms
  vultr-tyo: 5.75ms
  vultr-tyo (IPv6): 6.898ms
  vultr-sel: 38.589ms
  vultr-sel (IPv6): 37.988ms
  zepto-sel: 63.652ms
  anexia-hkg: 55.996ms
  anexia-hkg (IPv6): 58.138ms
  zepto-hkg (IPv6): 57.606ms
  zepto-hkg: 65.017ms
  lightnode-tpe: 71.984ms
  zepto-tpe: 83.986ms
  zepto-tpe (IPv6): 83.244ms
  lightnode-mnl: 86.861ms
  premiumrdp-mnl: 134.757ms

    About 15 minutes later, I checked again via curl and the addresses were reachable now:

    $ for ip in 103.170.232.254 167.179.109.118 '2a0b:4341:b02:166:5054:ff:fe53:ab1' '2001:19f0:7001:5e19:5400:2ff:fec8:7b5a' '2a07:a8c0::' '2a07:a8c1::'; do echo "== $ip =="; curl --resolve "dns.nextdns.io:443:$ip" https://dns.nextdns.io/info; echo; done
== 103.170.232.254 ==
{"locationName": " Tokyo, Japan", "pop": "zepto-tyo", "rtt": 22001}
== 167.179.109.118 ==
{"locationName": " Tokyo, Japan", "pop": "vultr-tyo", "rtt": 6508}
== 2a0b:4341:b02:166:5054:ff:fe53:ab1 ==
{"locationName": " Tokyo, Japan", "pop": "zepto-tyo", "rtt": 20013}
== 2001:19f0:7001:5e19:5400:2ff:fec8:7b5a ==
{"locationName": " Tokyo, Japan", "pop": "vultr-tyo", "rtt": 6987}
== 2a07:a8c0:: ==
{"locationName": " Tokyo, Japan", "pop": "zepto-tyo", "rtt": 18000}
== 2a07:a8c1:: ==
{"locationName": " Tokyo, Japan", "pop": "vultr-tyo", "rtt": 6139}

    I uploaded the report here: https://nextdns.io/diag/18119950-4f06-11f0-9d4d-fb1f6b707d85

      • Ren.3
      • 2 days ago
      • Reported - view

      does this service not have a customer service or anything who's running the company damn

    • philwo
    • 2 days ago
    • Reported - view

    Yesterday I switched my dnsmasq configuration to only use the IPv4 addresses of NextDNS as a workaround for the occasional issues with the IPv6 servers.

    Today, I got the "Private DNS server cannot be accessed" message again, and also noticed that DNS requests from my clients in the LAN were hanging. This time it seems like both IPv4 servers are down in Tokyo:

    # host dns.nextdns.io 2a07:a8c0::
Using domain server:
Name: 2a07:a8c0::
Address: 2a07:a8c0::#53
Aliases:

dns.nextdns.io is an alias for steering.nextdns.io.
steering.nextdns.io has address 103.170.232.254
steering.nextdns.io has address 167.179.109.118
steering.nextdns.io has IPv6 address 2a0b:4341:b02:166:5054:ff:fe53:ab1
steering.nextdns.io has IPv6 address 2001:19f0:7001:5e19:5400:2ff:fec8:7b5a

# for ip in 103.170.232.254 167.179.109.118 '2a0b:4341:b02:166:5054:ff:fe53:ab1' '2001:19f0:7001:5e19:5400:2ff:fec8:7b5a' '2a07:a8c0::' '2a07:a8c1::' '45.90.28.111' '45.90.30.111'; do echo "== $ip =="; curl --connect-timeout 1 --resolve "dns.nextdns.io:443:$ip" https://dns.nextdns.io/info; echo; done
== 103.170.232.254 ==
curl: (28) Failed to connect to dns.nextdns.io port 443 after 1001 ms: Timeout was reached

== 167.179.109.118 ==
curl: (28) Failed to connect to dns.nextdns.io port 443 after 1001 ms: Timeout was reached

== 2a0b:4341:b02:166:5054:ff:fe53:ab1 ==
{"locationName": "🇯🇵 Tokyo, Japan", "pop": "zepto-tyo", "rtt": 6147}

== 2001:19f0:7001:5e19:5400:2ff:fec8:7b5a ==
{"locationName": "🇯🇵 Tokyo, Japan", "pop": "vultr-tyo", "rtt": 8577}

== 2a07:a8c0:: ==
{"locationName": "🇯🇵 Tokyo, Japan", "pop": "zepto-tyo", "rtt": 6245}

== 2a07:a8c1:: ==
{"locationName": "🇯🇵 Tokyo, Japan", "pop": "vultr-tyo", "rtt": 6319}

== 45.90.28.111 ==
curl: (28) Failed to connect to dns.nextdns.io port 443 after 1001 ms: Timeout was reached

== 45.90.30.111 ==
curl: (28) Failed to connect to dns.nextdns.io port 443 after 1000 ms: Timeout was reached

### zepto-typ: IPv4 down, IPv6 works

# mtr -rw -c 3 103.170.232.254
Start: 2025-06-24T08:10:37+0900
HOST: pve                                       Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 27.85.198.146                              0.0%     3    6.0   6.0   5.8   6.1   0.2
  2.|-- 27.85.198.145                              0.0%     3    6.1   5.9   5.7   6.1   0.2
  3.|-- 27.93.242.177                              0.0%     3    6.7   7.5   6.6   9.1   1.4
  4.|-- 27.85.228.38                               0.0%     3    6.6   6.3   5.7   6.6   0.5
  5.|-- 210.171.225.113                            0.0%     3    6.5   6.2   5.7   6.5   0.4
  6.|-- po400.ty-eqxty8-bb1.globalsecurelayer.com  0.0%     3    6.6   6.7   6.3   7.2   0.5
  7.|-- po50.ty-eqxty8-cr2.globalsecurelayer.com   0.0%     3    5.8   6.1   5.8   6.4   0.3
  8.|-- vl2.ty-eqxty8-sw4.globalsecurelayer.com    0.0%     3    6.1   6.1   5.9   6.2   0.1
  9.|-- e52-1.cr1a.eqty8.nrt4.jp.917.as            0.0%     3    5.9   5.9   5.8   6.0   0.1
 10.|-- e31-10.spine1.nrt04.jp.misaka.io           0.0%     3    6.0   6.4   6.0   6.7   0.4
 11.|-- po-31.lag.nrt04.jp.misaka.io               0.0%     3    6.3   6.3   6.1   6.4   0.2
 12.|-- ???                                       100.0     3    0.0   0.0   0.0   0.0   0.0

# mtr -rw -c 3 2a0b:4341:b02:166:5054:ff:fe53:ab1
Start: 2025-06-24T08:11:19+0900
HOST: pve                                 Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 240b:11:309f:ffff::fffd              0.0%     3   11.2  10.4   8.9  11.2   1.3
  2.|-- ???                                 100.0     3    0.0   0.0   0.0   0.0   0.0
  3.|-- ???                                 100.0     3    0.0   0.0   0.0   0.0   0.0
  4.|-- 2404:9200:226:4::1                   0.0%     3   12.6  10.4   5.4  13.0   4.3
  5.|-- ???                                 100.0     3    0.0   0.0   0.0   0.0   0.0
  6.|-- 2001:268:fa02:1b2::1                 0.0%     3    7.0   6.6   5.1   7.7   1.3
  7.|-- 2001:268:fa02:1b2::2                 0.0%     3    5.9   5.6   5.2   5.9   0.3
  8.|-- 2001:268:fc02:51::2                  0.0%     3    6.5   8.2   6.5  10.0   1.8
  9.|-- ???                                 100.0     3    0.0   0.0   0.0   0.0   0.0
 10.|-- ae-0.a01.tokyjp09.jp.bb.gin.ntt.net  0.0%     3    6.8  14.6   6.8  30.0  13.4
 11.|-- 2001:218:3000:5000::265              0.0%     3    6.2   6.7   6.1   7.9   1.0
 12.|-- po66-3518.cr01.nrt04.jp.misaka.io    0.0%     3    5.8   5.9   5.4   6.4   0.5
 13.|-- e32-20.spine1.nrt04.jp.misaka.io     0.0%     3    6.0   5.8   5.5   6.0   0.3
 14.|-- po-31.lag.nrt04.jp.misaka.io         0.0%     3    6.2   5.9   5.7   6.2   0.3
 15.|-- dns.nextdns.io                       0.0%     3    6.0   6.6   6.0   7.3   0.6

### vultr-tyo: IPv4 down, IPv6 works

# mtr -rw -c 3 167.179.109.118
Start: 2025-06-24T08:10:50+0900
HOST: pve                                  Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 27.85.198.146                         0.0%     3    6.9   6.5   6.0   6.9   0.4
  2.|-- 27.85.198.145                         0.0%     3    8.7   7.9   5.8   9.1   1.8
  3.|-- 27.86.120.157                         0.0%     3    7.6   7.9   7.5   8.6   0.6
  4.|-- 27.86.123.170                         0.0%     3    6.1   6.3   5.8   7.1   0.7
  5.|-- 63-218-147-241.static.as3491.net      0.0%     3    7.0   6.7   6.0   7.1   0.6
  6.|-- Bundle-Eth53.clbr01.tok02.as3491.net  0.0%     3    7.0   7.3   7.0   7.6   0.3
  7.|-- 63-216-242-46.static.as3491.net       0.0%     3   58.4  24.8   7.8  58.4  29.1
  8.|-- ???                                  100.0     3    0.0   0.0   0.0   0.0   0.0
  9.|-- ???                                  100.0     3    0.0   0.0   0.0   0.0   0.0
 10.|-- 66.42.47.184.vultrusercontent.com     0.0%     3    6.5   6.6   6.5   6.7   0.1
 11.|-- ???                                  100.0     3    0.0   0.0   0.0   0.0   0.0

# mtr -rw -c 3 2001:19f0:7001:5e19:5400:2ff:fec8:7b5a
Start: 2025-06-24T08:11:34+0900
HOST: pve                                           Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 240b:11:309f:ffff::fffd                        0.0%     3   10.7  10.6   9.8  11.4   0.8
  2.|-- ???                                           100.0     3    0.0   0.0   0.0   0.0   0.0
  3.|-- ???                                           100.0     3    0.0   0.0   0.0   0.0   0.0
  4.|-- 2404:9200:226:e::1                             0.0%     3    6.0   7.0   5.6   9.4   2.1
  5.|-- ???                                           100.0     3    0.0   0.0   0.0   0.0   0.0
  6.|-- 2001:268:fa02:119::1                          66.7%     3    7.3   7.3   7.3   7.3   0.0
  7.|-- 2001:268:fa02:119::2                           0.0%     3    6.0   5.9   5.7   6.1   0.2
  8.|-- 2001:268:fc02:51::2                            0.0%     3    7.1   6.8   6.5   7.1   0.3
  9.|-- ???                                           100.0     3    0.0   0.0   0.0   0.0   0.0
 10.|-- ae-0.a01.tokyjp09.jp.bb.gin.ntt.net            0.0%     3    6.8  13.0   6.8  24.8  10.2
 11.|-- ce-3-5-3.a01.tokyjp09.jp.ce.gin.ntt.net        0.0%     3   10.2  29.6   8.1  70.5  35.4
 12.|-- ethernetae4-sr1.tyo2.constant.com              0.0%     3   11.8   8.5   6.8  11.8   2.9
 13.|-- ethernetswp25-ds1-u3-r714-b.tyo2.constant.com  0.0%     3    6.2   6.8   6.2   7.3   0.6
 14.|-- 2001:19f0:7000:4c6::33                         0.0%     3    6.8   6.1   5.6   6.8   0.6
 15.|-- dns.nextdns.io                                 0.0%     3    7.8   8.1   6.7   9.7   1.5
Login to reply

Content aside

  • 1 Votes
  • 2 days agoLast active
  • 3Replies
  • 87Views
  • 2 Following