0

"Private DNS server cannot be accessed"

I sometimes get this message on my Android devices when on wifi.

  1. This error only happens on my Android devices, and only occasionally.
  2. It usually resolves itself after several hours.
  3. Switching to cellular data restores internet connectivity.
  4. Disabling Private DNS restores internet connectivity even though my router is configured to forward all DNS requests to NextDNS.
  5. When experiencing this error the device cannot reach my CalDav and CardDav servers, even though they're on the same local network.

What's going on here? This never happens with my Linux laptops.

9replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • I use the feature on Android too since long time already and it just works.

    Which Android did you use?

    Like
  • hello 

    i face same problems with you, and looking for a solution 

    could you pls advice me your phone brand and name of the mobile network operator ?

    Like
  • The fault may be that it cannot resolve your internal servers.

    When your phone is configured to use an external DNS provider like NextDNS, it will only receive the public IP addresses that have been defined on your public DNS Server. These IP addresses are then mapped using a Network Address Translation table in your router to point to an Internal IP address.

    Normally when you are on your own network, DNS resolving is done by your internal DNS server (which refers out to external ones for DNS names that are not on your own network). Hence when a device on the internal network tried to connect to an internal CardDav server, for example, it is normally provided with the internal IP address.

    However, if you have told your phone to use a Public DNS server then when it is on your LOCAL network it will still be asking NextDNS for the PUBLIC IP address, which will not work on your local network.

    If this is the case you have two choices to make it work:

    1.    Switch your phone to use your internal DNS server (e.g. router) when on your local network, or

    2.    Configure a NAT rule on your router for the internal interface your phone is on, that forwards the PUBLIC IP addresses of your servers to the internal IP addresses of your servers.

    In my case I did the later for all the internal devices that my phone needs to see and thus I could keep it using nextDNS all the time.

    Like
    • Ian Morris 

      Thanks for the suggestions and the detailed explanation. My server is not publicly accessible, though I'm working on a VPN so I can access it when I'm not home. I'm not sure #2 would work.

      I have the following options for Private DNS:

      1. Off
      2. Automatic
      3. Hostname

      I guess #1 would be the Automatic option? That's typically what I do whenever this error arises.

      Like
      • Greg B.
      • nisten
      • 1 mth ago
      • Reported - view

      Chris Horlacher

      Off - Android will use your ISP's dns servers*

      Automatic - Android will attempt to use DNS-over-TLS (DoT) with your ISP's dns servers*

      Hostname - Android will use DoT using the custom hostname you entered (Ex, dns.google (Google DoT), 1dot1dot1dot1.cloudflare-dns.com (Cloudflare DoT), dns.nextdns.io (NextDNS DoT) or yourID.dns.nextdns.io (Customized NextDNS DoT))

      * = Assuming you haven't setup custom dns via Static IP or at the router/DHCP level

      Like
      • Chris Horlacher If you have your phone perminantly pointing to a public DNS service like nextDNS then it cannot know the internal IP address of  your servers. If your phone DNS is switched to automatic, then I think it will use whatever DNS server it is provided with via DHCP. So when you are out if will probably use your ISP's DNS servers and when you are on your local network, it will probably use yours and hence get the internal IP addresses of your servers.
      • You could edit the hosts file on your android phone to add the internal IP addresses of your servers, thus it wouldn't need to send a DNS query anywhere to look it up
      • Or with my option 2, you would need to configure entries on your public DNS server to point to dummy IP addresses for your internal servers, which your phone would pick up and then set up some NAT rules to route the traffic correctly internally. The servers don't need to be accessible externally but would will need some IP addresses - you will certainly have one that your router uses.
      Like
  • Umur Soydan DynamicNotSlow

    I'm running latest GrapheneOS (It's a de-googled fork of Android) on a Google Pixel 4a. My carrier is Rogers, in Canada.

    Like
    • Chris Horlacher 

      GrapheneOS normally use Cloudflare as fallback if nothing works.

      Like
  • I had the same problem when using a Mikrotik as WebProxy. The solution was to create a Firewall rule to allow Forward TCP ports 53 and 853.

    Like
Like Follow
  • 11 days agoLast active
  • 9Replies
  • 292Views
  • 6 Following