4

Forced ultralow/anycast

I did some tests and this seems to work. If NextDNS can confirm this to be true.

So, in DoH

a.

1.https://anycast.dns2.nextdns.io/123456/abcdef
2.https://anycast.dns1.nextdns.io/123456/abcdef
3.https://anycast.dns.nextdns.io/123456/abcdef

a. 1. Will call anycast 2
a. 2. Will call anycast 1
a. 3. Will call either anycast 1 or 2

b.

1.https://ultralow.dns2.nextdns.io/123456/abcdef
2.https://ultralow.dns1.nextdns.io/123456/abcdef
3.https://ultralow.dns.nextdns.io/123456/abcdef

b. 1. Will call ultralow 2

b. 2. Will call ultralow 1

b. 3. Will call either ultralow 1 or 2

Is this true?

For DoT, is there something similar? I tried the same but it didn't work.

I have dns2 on serverwala-buh and dns1 on estnoc-buh from my tests.

"status": "ok",
"protocol": "DOH",
"configuration": "",
"client": "",
"destIP": "194.68.44.36",
"anycast": false,
"server": "serverwala-buh-1",
"clientName": "unknown-doh",
"deviceName": "AdGuardHTTPS",
"deviceID": ""

For some reason anycast is connecting only on Frankfurt even if it's never fastest. Ultralow is working amazing.

estnoc-buh                0 ms  (ultralow1)  
serverwala-buh (IPv6)     0 ms
■ serverwala-buh            1 ms  (ultralow2)  
zepto-sof                25 ms  
anexia-vie               28 ms (anycast2)  
anexia-vie (IPv6)        28 ms  (anycast2)  
exoscale-vie             29 ms  
anexia-sof               31 ms  
anexia-sof (IPv6)        35 ms   exoscale-vie (IPv6)      38 ms   zepto-waw (IPv6)         44 ms   anexia-waw               46 ms  
anexia-waw (IPv6)        46 ms   zepto-waw                48 ms   premiumrdp-ist           52 ms   edgeuno-ist (IPv6)       54 ms   zepto-sto                55 ms  (anycast1)  
zepto-sto (IPv6)         57 ms  (anycast1)   edgeuno-ist              92 ms  
dns1.nextdns.io (IPv6) error (ultralow1)
dns2.nextdns.io (IPv6) error (ultralow2)

21 replies

null
    • NextDNs
    • 3 yrs ago
    • Reported - view

    This is slightly more complex that that. All [*.]dns[1|2].nextdns.io hostnames are ultralow except anycast.$ which is a convenient hostname used by test.nextdns.io to test anycast. From there, any DoH or DoT client should use ultralow by default if they use the system DNS to resolve the dns.nextdns.io hostname. Some clients require that you provide a bootstrap IP (mostly DoT clients on routers). For these, ultralow is not an option and anycast will always be used.

    In the case of more advanced clients supporting the new HTTPS DNS record (mainly our cli and apple devices so far), ultralow will be used by default with a fallback to anycast for extra safety (which primary/secondary in each case, which gives you a tally of 4 paths). Our CLI will also use some more advanced tricks to ensure best steering and maximum resiliency.

    Finally dns1/dns2 are convenient hostnames to force only primary or secondary. For the record, primary and secondary (for anycast and ultralow) are operated on different networks with a different set of hosting providers and shifted rollout waves. All our regions have a primary and secondary point of presence.

      • losnad
      • 3 yrs ago
      • Reported - view

      I did had my NextDNS v6 configuration as bootstrap, I tried without it and still go to Frankfurt.

      • MarkG
      • 3 yrs ago
      • Reported - view

      losnad How do you bootstarp IP for v4 and v6?

      • losnad
      • 3 yrs ago
      • Reported - view

      In my case, I use AdGuard on Android. So, "Settings - Advanced - Low Level Settings - pref.dns.bootstrap"

      As for your other comment about DoT, the answer is right above your question.

      • MarkG
      • 3 yrs ago
      • Reported - view

      losnad Thank you.  I guess I'm going to download AdGuard Home so I could integrated it to my pfsense.  It has so many useful functions

      • MarkG
      • 3 yrs ago
      • Reported - view

      losnad Just installed AdGuard Home for pfsense.

      NextDNS is running flawlessly

      • Sharon_stewart
      • 1 yr ago
      • Reported - view

       Please, how do I prepend anycast to DoQ using my profile. e.g.

      Originally, "quic://devicename-NEXTDNS-ID.dns.nextdns.io" works

      "quic://anycast.dns1.nextdns.io" also works but not using my nextdns profile.

      So, how do I add my nextdns profile/ID to this?

    • losnad
    • 3 yrs ago
    • Reported - view

    Anycast go to the default IPs

    Anycast1 

    "status": "ok",
"protocol": "DOH",
"destIP": "45.90.28.0",
"anycast": true,
"server": "zepto-fra-1",
"clientName": "unknown-doh",
"deviceName": "AdGuardHTTPS",

Anycast2
"status": "ok",
"protocol": "DOH",
"destIP": "45.90.30.0",
"anycast": true,
"server": "anexia-fra-1",
"clientName": "unknown-doh",
"deviceName": "AdGuardHTTPS",

Ultralow go to the local POPs

Ultralow1

"status": "ok",
"protocol": "DOH",
"destIP": "152.89.161.16",
"anycast": false,
"server": "estnoc-buh-1",
"clientName": "unknown-doh",
"deviceName": "AdGuardHTTPS",

Ultralow2

"status": "ok",
"protocol": "DOH",
"destIP": "194.68.44.36",
"anycast": false,
"server": "serverwala-buh-1",
"clientName": "unknown-doh",
"deviceName": "AdGuardHTTPS",

    I still don't understand why anycast is stuck on Frankfurt but now that I can use local ultralow I don't even care. 😂

    • Unneverseen
    • 3 yrs ago
    • Reported - view

    for some reason anycast has better speed than ultralow for me 

      • losnad
      • 3 yrs ago
      • Reported - view

      Some reason might be the distance and/or the internet interconnected nodes. If you have anycast in close proximity and the ultralow is hundreds of kilometers away...

    • Jermaine_Potts
    • 3 yrs ago
    • Reported - view

    Thank you so much, I finally chose the server closest to mine using the Ultralow2 URL. 
    Is there any problem while using this method? And any solution for DoT?

      • losnad
      • 3 yrs ago
      • Reported - view

      I did not had any problem. I do have both servers added and I set up a fallback one.

      For DoT, as you can see, I did not got an answer and I didn't find a solution myself. But if DoH works, I don't see any advantage for DoT.

      Funny thing, when I was trying all this I discovered that I can put more than one DNS line in AdGuard. And this was written clearly and right in front of my eyes.  

      • Jermaine_Potts
      • 3 yrs ago
      • Reported - view

      losnad I actually wanted to test DoT with forced servers so it can be as PrivateDNS in android.

      • Dan_B
      • 1 yr ago
      • Reported - view

      Jermaine Potts 

      Hi, did you ever figure  this out?

    • MarkG
    • 3 yrs ago
    • Reported - view

    Thank for sharing that you can prepend "ultralow" in DOH.

    Do you happen to know how to prepend "ultralow" in DOT?

    • LazJedi
    • 1 yr ago
    • Reported - view

    Hi, I tried this DoH template on my Windows 11 PC but it didn't work. It still keeps connecting to anycast server further away from me. Am I aging somewhere?

      • R_P_M
      • 1 yr ago
      • Reported - view

      LazJedi It will always be Anycast if you are using an IP address with DoH/DoT. 
      Try https://dns1.nextdns.io/********
      for your situation. 

      • LazJedi
      • 1 yr ago
      • Reported - view

      R P M thanks but not work for me. I think this is related to Windows' native DoH support.

    • Pierre_Cartier
    • 1 yr ago
    • Reported - view

    @iosnad Works with DoH but couldn't make it work with DoH3 or DoQ though. 

    • Chris_S.1
    • 1 yr ago
    • Reported - view

    Ultralow1 was defaulted to me and the ping is 95ms, on the other hand, ultralow2 goes to 14ms, and since I use QUIC to force it, I did it like this:

    quic://123456.dns1.nextdns.io:853

    quic://123456.dns2.nextdns.io:853

    where dns1 is ultralow1 and dns2 is ultralow2

    I'm fine with this now :D

      • Sharon_stewart
      • 1 yr ago
      • Reported - view

      Chris S. Please, can you help with prepending anycast and my nextdns profile to the QUIC. How do I write this?

Login to reply

Content aside

  • 4 Likes
  • 1 yr agoLast active
  • 21Replies
  • 7810Views
  • 15 Following