
NextDNS blocked by provider?

Hi all,

Since a couple of days ago, NextDNS stopped working over my fixed Internet connection. It had been working flawlessly for 2 years, but stopped abruptly.

Using tcpdump to monitor outgoing requests from various devices towards NextDNS servers (e.g. 45.90.30.0 or 45.90.28.0), I see them being transmitted, but no answer is received. I performed this tcpdump on my firewall, the last device I can access before packets are sent to the modem and the Internet.

Configuring my devices to use Google DNS overcomes this problem. Similarly, I see requests being sent to Google DNS and being answered properly. I asked my ISP if they started blocking traffic to NextDNS servers (I'm aware of an ISP in my country doing so), but their answer was no.

Bypassing my fixed Internet line and doing similar tests over my 5G connection, everything is successful. NextDNS works perfectly. I also tested sending ICMP echo requests over both 5G and the fixed Internet line: echo replies are received in the case of 5G, and timeouts are shown in the case of the fixed Internet line. A traceroute, however, works fine in both cases.

Any idea how to diagnose this issue further? Other potential causes:

  • my public IP / ISP ranges are part of a blacklist that is used by NextDNS
  • NextDNS has blocked specific ranges, including my ISP's range, for a while for whatever reason
  • my ISP does block traffic to NextDNS, but does not admit it...
  • others?

Do note:

  • the modem attached to my firewall has a specific configuration: it only does PPPoE and has a small routing subnet between firewall and modem
  • my public IP is linked to NextDNS via DDNS and is correct

Thank you for your help

SFVH_SO01_SFOS 21.0.0 GA-Build169 HA-Primary# tcpdump -nli any icmp and host 45.90.30.0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
^Z[1]+  Stopped                    tcpdump -nli any icmp and host 45.90.30.0
SFVH_SO01_SFOS 21.0.0 GA-Build169 HA-Primary# bg
[1] tcpdump -nli any icmp and host 45.90.30.0
SFVH_SO01_SFOS 21.0.0 GA-Build169 HA-Primary# ping 45.90.30.0
PING 45.90.30.0 (45.90.30.0): 56 data bytes
22:03:54.270338 Port2, OUT: IP 172.16.25.2 > 45.90.30.0: ICMP echo request, id 26390, seq 0, length 64
22:03:55.270481 Port2, OUT: IP 172.16.25.2 > 45.90.30.0: ICMP echo request, id 26390, seq 1, length 64
22:03:56.270638 Port2, OUT: IP 172.16.25.2 > 45.90.30.0: ICMP echo request, id 26390, seq 2, length 64
22:03:57.270786 Port2, OUT: IP 172.16.25.2 > 45.90.30.0: ICMP echo request, id 26390, seq 3, length 64
22:03:58.270939 Port2, OUT: IP 172.16.25.2 > 45.90.30.0: ICMP echo request, id 26390, seq 4, length 64
^C
--- 45.90.30.0 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
SFVH_SO01_SFOS 21.0.0 GA-Build169 HA-Primary# fg
tcpdump -nli any icmp and host 45.90.30.0
^C
5 packets captured
5 packets received by filter
0 packets dropped by kernel
SFVH_SO01_SFOS 21.0.0 GA-Build169 HA-Primary# tcpdump -nli any icmp and host 8.8.8.8
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
^Z[1]+  Stopped                    tcpdump -nli any icmp and host 8.8.8.8
SFVH_SO01_SFOS 21.0.0 GA-Build169 HA-Primary# bg
[1] tcpdump -nli any icmp and host 8.8.8.8
SFVH_SO01_SFOS 21.0.0 GA-Build169 HA-Primary# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
22:04:21.071637 Port2, OUT: IP 172.16.25.2 > 8.8.8.8: ICMP echo request, id 38678, seq 0, length 64
22:04:21.082191 Port2, IN: IP 8.8.8.8 > 172.16.25.2: ICMP echo reply, id 38678, seq 0, length 64
64 bytes from 8.8.8.8: seq=0 ttl=60 time=10.743 ms
22:04:22.071776 Port2, OUT: IP 172.16.25.2 > 8.8.8.8: ICMP echo request, id 38678, seq 1, length 64
64 bytes from 8.8.8.8: seq=1 ttl=60 time=10.345 ms
22:04:22.082013 Port2, IN: IP 8.8.8.8 > 172.16.25.2: ICMP echo reply, id 38678, seq 1, length 64
22:04:23.071950 Port2, OUT: IP 172.16.25.2 > 8.8.8.8: ICMP echo request, id 38678, seq 2, length 64
22:04:23.082286 Port2, IN: IP 8.8.8.8 > 172.16.25.2: ICMP echo reply, id 38678, seq 2, length 64
64 bytes from 8.8.8.8: seq=2 ttl=60 time=10.443 ms
22:04:24.072086 Port2, OUT: IP 172.16.25.2 > 8.8.8.8: ICMP echo request, id 38678, seq 3, length 64
22:04:24.082193 Port2, IN: IP 8.8.8.8 > 172.16.25.2: ICMP echo reply, id 38678, seq 3, length 64
64 bytes from 8.8.8.8: seq=3 ttl=60 time=10.279 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 10.279/10.452/10.743 ms
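
As an added example (not part of the original post): a small Python parser for capture lines in the format shown above that pairs each ICMP echo request with its reply by host, id and seq, and lists the hosts that never answered. The function names are illustrative; the sample lines are copied from the capture in the post.

```python
import re
from collections import defaultdict

# Matches the tcpdump line format shown in the post (interface and direction prefix).
LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) \S+, (?:IN|OUT): IP (\S+) > (\S+): "
    r"ICMP echo (request|reply), id (\d+), seq (\d+)"
)

# Sample input: lines copied from the capture in the post.
SAMPLE = """\
22:03:54.270338 Port2, OUT: IP 172.16.25.2 > 45.90.30.0: ICMP echo request, id 26390, seq 0, length 64
22:03:55.270481 Port2, OUT: IP 172.16.25.2 > 45.90.30.0: ICMP echo request, id 26390, seq 1, length 64
22:04:21.071637 Port2, OUT: IP 172.16.25.2 > 8.8.8.8: ICMP echo request, id 38678, seq 0, length 64
22:04:21.082191 Port2, IN: IP 8.8.8.8 > 172.16.25.2: ICMP echo reply, id 38678, seq 0, length 64
64 bytes from 8.8.8.8: seq=0 ttl=60 time=10.743 ms
22:04:22.071776 Port2, OUT: IP 172.16.25.2 > 8.8.8.8: ICMP echo request, id 38678, seq 1, length 64
22:04:22.082013 Port2, IN: IP 8.8.8.8 > 172.16.25.2: ICMP echo reply, id 38678, seq 1, length 64
"""

def summarize(text):
    """Return {remote_host: {"sent", "answered", "rtts_ms"}} for ICMP echo traffic."""
    pending = {}  # (remote, id, seq) -> time the request left the firewall
    stats = defaultdict(lambda: {"sent": 0, "answered": 0, "rtts_ms": []})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ping's own output, banners, job-control noise
        h, mi, s, src, dst, kind, ident, seq = m.groups()
        ts = int(h) * 3600 + int(mi) * 60 + float(s)  # no midnight wrap handling
        if kind == "request":
            stats[dst]["sent"] += 1
            pending[(dst, ident, seq)] = ts
        else:
            sent_at = pending.pop((src, ident, seq), None)
            if sent_at is not None:  # ignore replies with no matching request
                stats[src]["answered"] += 1
                stats[src]["rtts_ms"].append((ts - sent_at) * 1000)
    return dict(stats)

def unanswered_hosts(stats):
    """Hosts that were probed but never replied: the upstream path drops traffic."""
    return sorted(h for h, s in stats.items() if s["sent"] and not s["answered"])

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for host, s in result.items():
        print(host, s["sent"], "sent,", s["answered"], "answered")
    print("no replies from:", unanswered_hosts(result))
```

Run against a longer capture that also includes the DNS port, the same pairing idea shows whether only ICMP or all traffic to the resolver goes unanswered.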

 

 

5 replies

    • NextDNs
    • 3 wk ago

    Please share your IP in DM so we can check if it got added to a block rule for one reason or another.

      • Steven_Lievens
      • 3 wk ago

       DM'ed my public IP.

      Thank you for checking.

      • NextDNs
      • 3 wk ago

      Thanks, can you please share a https://nextdns.io/diag?

      • Steven_Lievens
      • 3 wk ago

       I've submitted the report via the script, but as of now everything seems to work fine again. Since today I'm able to ping the NextDNS servers again (I do receive an answer now). Rolling back the temporary workaround (Google DNS), so restoring normal operations via NextDNS. So no need from my side for further analysis. FYI: I did not change anything...

      • NextDNs
      • 3 wk ago

       Neither did we. It is likely some interconnection issue with your provider. Hard to tell without more data. Glad it's now fixed. Please let us know if it happens again.
