NextDNS Issue - not working

Qadhi
updated 3 yrs ago
18replies

Using NextDNS on asus-merlin with dnscrypt. No configuration changes on router or any other device on the network. Facing constant issues from the past 3 days.

1. Unable to resolve anything when using nextdns. works when using isp dns, cloudflare, opendns etc.

2. Sometimes only resolves nextdns.io but subdomains like help.nextdns.io or my.nextdns.io do not resolve

3. Google.com resolves but not cnn.com, yahoo.com, hotmail.com, etc. surprisingly these dns queries show up in nextdns logs but are not resolved.

4. Browsing works when using https://dns.nextdns.io/ in browser but same domains do not resolve when trying to ping using command line.

5. Everything works when using yoga dns.

Different results everytime I run the nextdns diag utility.

https://nextdns.io/diag/b6122f20-875f-11eb-9bef-231eb34a582c

https://nextdns.io/diag/7fdeba60-8762-11eb-9bef-231eb34a582c

https://nextdns.io/diag/4f80df50-8763-11eb-9bef-231eb34a582c

https://nextdns.io/diag/fc3b5460-8767-11eb-9bef-231eb34a582c

- olivier
- 3 yrs ago
- Reported - view
Seems like your network / ISP resolver is blocking dns.nextdns.io.
- Qadhi
  
  3 yrs ago
  
  Reported - view
  Olivier Poitrey ISP is not blocking dns.nextdns.io
  
  1. Browsing works when using dns.nextdns.io in browser DOH
  
  2. Works when using dns.nextdns.io in Yoda DNS
  
  3. dns.nextdns.io resolves properly using command prompt
  
  4. nslookup when used with dns.nextdns.io resolves nextdns.io but resolving hotmail.com fails. query fails but still shows up in NextDNS logs
  
  5. everything starts working if DNSSEC is disabled. DNSSEC was working previously with NextDNS and still works with cloudflare, opendns, isp dns, etc.
  
  Looks like a DNSSEC issue, why it is not working with NextDNS and still works with other dns providers?
- olivier
  
  3 yrs ago
  
  Reported - view
  Qadhi can you please show the output of https://test.nextdns.io and https://ping.nextdns.io with nextdns disable?
- Qadhi
  
  3 yrs ago
  
  Reported - view
  Olivier Poitrey
  
  https://test.nextdns.io/ output
  
  { "status": "unconfigured", "client": "XXX.255.0.XXX", "resolver": "110.34.32.19", "server": "anexia-fra-1" }
  
  https://ping.nextdns.io/ output
  
  gc-bom 40 ms (ultralow1) anexia-maa 111 ms do-blr 117 ms anexia-fra 132 ms (anycast2) ls-bom 142 ms (ultralow2) microhost-del 150 ms zepto-sin 184 ms (anycast1) premiumrdp-ruh 189 ms serverwala-del 194 ms navico-ruh 199 ms edis-dxb 213 ms anexia-dxb error
- Qadhi
  
  3 yrs ago
  
  Reported - view
  Olivier Poitrey can you please check the output and see what the issue is?
- olivier
  
  3 yrs ago
  
  Reported - view
  Qadhi DNSSEC should be disabled if enabled. I'm not sure why it fails here, but DNSSEC will create other issues with a DNS filter like us as by design, we break DNSSEC when blocking domains or rewriting responses.
- Qadhi
  
  3 yrs ago
  
  Reported - view
  Olivier Poitrey How come it was working before some of us faced downtime and a "fix" was deployed.
  
  https://help.nextdns.io/t/35hlztr/service-down?r=g9hlz4j#g9hlz4j
  
  and how it is still working for other NextDNS users?
  
  after disabling DNSSEC iPhones with ios 14 are showing privacy warning when connected to my network "This network is blocking encrypted DNS traffic." Warning goes away if i switch to clouflare and enable DNSSEC.
- olivier
  
  3 yrs ago
  
  Reported - view
  Qadhi do you have the "Block Bypass Methods" under "Parental Control" enabled?
- Qadhi
  
  3 yrs ago
  
  Reported - view
  Olivier Poitrey its disabled
- olivier
  
  3 yrs ago
  
  Reported - view
  Qadhi if I understand your setup correctly, you have assus-merlin running dnscrypt-proxy, so your DNS queries go through dnsmasq -> dnscrypt-proxy -> NextDNS, am I right?
  
  To try to reproduce the issue I need the version of each component (dnsmasq and dnscrypt-proxy) as well as their respective configuration.
- Qadhi
  
  3 yrs ago
  
  Reported - view
  Olivier Poitrey asus-merlin. dnscrypt installed via amtm.
  
  dnscrypt installer        v2.1.8
  dnscrypt-prox            v2.0.45
  dnsmasq    2.84-42-g433dc70
  
  dnscrypt configured with nextdns. dns stamp of nextdns also specified.
- olivier
  
  3 yrs ago
  
  Reported - view
  Qadhi can you please show the configuration files for dnsmasq and dnscript-proxy?
- olivier
  
  3 yrs ago
  
  Reported - view
  Olivier Poitrey also, can you please try this stamp: sdns://AgcAAAAAAAAAAAAOZG5zLm5leHRkbnMuaW8BLw
- CahJowo
  
  3 yrs ago
  
  Reported - view
  Qadhi snapshot?
- Qadhi
  
  3 yrs ago
  
  Reported - view
  Olivier Poitrey used this new dns stamp and DNSSEC is now working
- olivier
  
  3 yrs ago
  
  Reported - view
  Qadhi please try creating a new config, change nothing and use it to see if it works. If it does, you can try to add options of the non-working config one by one to see which one is breaking DNSSEC.
- Pro subscriber ✓
- DynamicNotSlow
- 3 yrs ago
- Reported - view
Qadhi said:
4. nslookup when used with dns.nextdns.io resolves nextdns.io but resolving hotmail.com fails. query fails but still shows up in NextDNS logs

works here. IP for hotmail.com is

204.79.197.212

Qadhi said:
5. everything starts working if DNSSEC is disabled. DNSSEC was working previously with NextDNS and still works with cloudflare, opendns, isp dns, etc.

DNSSEC works here without problems.

Did you use solutions like PiHole with own DNSSEC? If yes, disable it their.
- Qadhi
  
  3 yrs ago
  
  Reported - view
  DynamicNotSlow not using PiHole. asus-merlin with dnscrypt. no config changes when this problem started. all unresolved queries still show in nextdns logs. everything works with DNSSEC disabled.
  
  this issue started 4 days ago when there was some issue at nextdns mentioned here
  
  https://help.nextdns.io/t/35hlztr/service-down?r=g9hlz4j#g9hlz4j

Content aside

3 yrs agoLast active
18Replies
1725Views
4 Following

NextDNS Issue - not working

18 replies

Content aside

Home

Tags