
NextDNS Issue - not working

Using NextDNS on asus-merlin with dnscrypt. No configuration changes on router or any other device on the network. Facing constant issues from the past 3 days.

1. Unable to resolve anything when using NextDNS. Works when using ISP DNS, Cloudflare, OpenDNS, etc.

2. Sometimes only resolves nextdns.io but subdomains like help.nextdns.io or my.nextdns.io do not resolve

3. Google.com resolves but not cnn.com, yahoo.com, hotmail.com, etc. Surprisingly, these DNS queries show up in the NextDNS logs but are not resolved.

4. Browsing works when using https://dns.nextdns.io/ in browser but same domains do not resolve when trying to ping using command line.

5. Everything works when using yoga dns.

Different results every time I run the NextDNS diag utility.

https://nextdns.io/diag/b6122f20-875f-11eb-9bef-231eb34a582c

https://nextdns.io/diag/7fdeba60-8762-11eb-9bef-231eb34a582c

https://nextdns.io/diag/4f80df50-8763-11eb-9bef-231eb34a582c

https://nextdns.io/diag/fc3b5460-8767-11eb-9bef-231eb34a582c

18 replies

    • olivier
    • 3 yrs ago

    Seems like your network / ISP resolver is blocking dns.nextdns.io.

      • Qadhi
      • 3 yrs ago

      Olivier Poitrey ISP is not blocking dns.nextdns.io

      1. Browsing works when using dns.nextdns.io in browser DOH

      2. Works when using dns.nextdns.io in Yoga DNS

      3. dns.nextdns.io resolves properly using command prompt

      4. nslookup when used with dns.nextdns.io resolves nextdns.io but resolving hotmail.com fails. query fails but still shows up in NextDNS logs

      5. everything starts working if DNSSEC is disabled. DNSSEC was working previously with NextDNS and still works with cloudflare, opendns, isp dns, etc.

      Looks like a DNSSEC issue. Why is it not working with NextDNS when it still works with other DNS providers?

      • olivier
      • 3 yrs ago

      Qadhi can you please show the output of https://test.nextdns.io and https://ping.nextdns.io with NextDNS disabled?

      • Qadhi
      • 3 yrs ago

      Olivier Poitrey 

      https://test.nextdns.io/ output

      {
      "status": "unconfigured",
      "client": "XXX.255.0.XXX",
      "resolver": "110.34.32.19",
      "server": "anexia-fra-1"
      }

       

      https://ping.nextdns.io/ output
       

        gc-bom           40 ms  (ultralow1)
        anexia-maa      111 ms
        do-blr          117 ms
        anexia-fra      132 ms  (anycast2)
        ls-bom          142 ms  (ultralow2)
        microhost-del   150 ms
        zepto-sin       184 ms  (anycast1)
        premiumrdp-ruh  189 ms
        serverwala-del  194 ms
        navico-ruh      199 ms
        edis-dxb        213 ms
        anexia-dxb       error
      • Qadhi
      • 3 yrs ago

      Olivier Poitrey can you please check the output and see what the issue is?

      • olivier
      • 3 yrs ago

      Qadhi DNSSEC should be disabled if enabled. I'm not sure why it fails here, but DNSSEC will create other issues with a DNS filter like us as by design, we break DNSSEC when blocking domains or rewriting responses.

      • Qadhi
      • 3 yrs ago

      Olivier Poitrey How come it was working before some of us faced downtime and a "fix" was deployed?

      https://help.nextdns.io/t/35hlztr/service-down?r=g9hlz4j#g9hlz4j

      And how is it still working for other NextDNS users?

      After disabling DNSSEC, iPhones with iOS 14 are showing a privacy warning when connected to my network: "This network is blocking encrypted DNS traffic." The warning goes away if I switch to Cloudflare and enable DNSSEC.

      • olivier
      • 3 yrs ago

      Qadhi do you have the "Block Bypass Methods" under "Parental Control" enabled?

      • Qadhi
      • 3 yrs ago

      Olivier Poitrey it's disabled

      • olivier
      • 3 yrs ago

      Qadhi if I understand your setup correctly, you have asus-merlin running dnscrypt-proxy, so your DNS queries go through dnsmasq -> dnscrypt-proxy -> NextDNS, am I right?

      To try to reproduce the issue I need the version of each component (dnsmasq and dnscrypt-proxy) as well as their respective configuration.

      • Qadhi
      • 3 yrs ago

      Olivier Poitrey  asus-merlin. dnscrypt installed via amtm.

      dnscrypt installer        v2.1.8
      dnscrypt-prox            v2.0.45
      dnsmasq     2.84-42-g433dc70

      dnscrypt configured with nextdns. dns stamp of nextdns also specified.

      • olivier
      • 3 yrs ago

      Qadhi can you please show the configuration files for dnsmasq and dnscrypt-proxy?

      • olivier
      • 3 yrs ago

      Olivier Poitrey also, can you please try this stamp: sdns://AgcAAAAAAAAAAAAOZG5zLm5leHRkbnMuaW8BLw
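
Decoding the stamp posted above shows what it declares to dnscrypt-proxy about the resolver. This is an added example, not part of the thread and not NextDNS or dnscrypt-proxy code; the function names are made up here, it follows the public DNS stamp layout for DoH (protocol 0x02) only, and it ignores the optional trailing bootstrap-IP field.

```python
import base64
import struct

# Bits of the 64-bit little-endian "props" field in a DNS stamp.
PROPS = {1: "dnssec", 2: "no_logs", 4: "no_filter"}


def _read(buf, pos, vlp=False):
    """Read one length-prefixed field; return (payload, more_follow, next_pos).

    In a variable-length set (vlp=True) the high bit of the length byte
    means another item follows and only the low 7 bits are the length.
    """
    if pos >= len(buf):
        raise ValueError("truncated stamp")
    n = buf[pos] & 0x7F if vlp else buf[pos]
    more = vlp and bool(buf[pos] & 0x80)
    end = pos + 1 + n
    if end > len(buf):
        raise ValueError("truncated stamp")
    return buf[pos + 1:end], more, end


def decode_doh_stamp(stamp):
    """Decode an sdns:// DoH stamp into its declared fields."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 9 or raw[0] != 0x02:
        raise ValueError("only DoH stamps (protocol 0x02) are handled here")
    (props,) = struct.unpack_from("<Q", raw, 1)
    addr, _, pos = _read(raw, 9)
    hashes, more = [], True
    while more:  # set of pinned certificate hashes, possibly empty
        item, more, pos = _read(raw, pos, vlp=True)
        if item:
            hashes.append(item.hex())
    host, _, pos = _read(raw, pos)
    path, _, pos = _read(raw, pos)
    return {
        "props": sorted(name for bit, name in PROPS.items() if props & bit),
        "addr": addr.decode(),
        "hashes": hashes,
        "hostname": host.decode(),
        "path": path.decode(),
    }


# The stamp quoted in the post above.
THREAD_STAMP = "sdns://AgcAAAAAAAAAAAAOZG5zLm5leHRkbnMuaW8BLw"
```

For the stamp in the thread this returns the `dnssec`, `no_filter` and `no_logs` flags, hostname `dns.nextdns.io`, no pinned address or hashes, and path `/` with no configuration ID in it.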

      • CahJowo
      • 3 yrs ago

      Qadhi snapshot? 

      • Qadhi
      • 3 yrs ago

      Olivier Poitrey used this new dns stamp and DNSSEC is now working

      • olivier
      • 3 yrs ago

      Qadhi please try creating a new config, change nothing and use it to see if it works. If it does, you can try to add options of the non-working config one by one to see which one is breaking DNSSEC.

    • Pro subscriber ✓
    • DynamicNotSlow
    • 3 yrs ago
      • Qadhi
      • 3 yrs ago

      DynamicNotSlow not using PiHole. asus-merlin with dnscrypt. No config changes when this problem started. All unresolved queries still show in NextDNS logs. Everything works with DNSSEC disabled.

      This issue started 4 days ago when there was some issue at NextDNS mentioned here

      https://help.nextdns.io/t/35hlztr/service-down?r=g9hlz4j#g9hlz4j
