DoH max concurrent queries reached, ignoring query - DoH server connection error: Idle timeout - waiting data, DoH server connection error:
I have been experiencing several errors on MikroTik router RB5009 as shown in the attached photos. I have included my router DNS configuration if anyone is able to assist?
-
Did you try increasing the “maximum concurrent queries” value? Any difference or is the current number the maximum allowed by the router?
-
R P M hi mate, I have tried as suggested and the error disappear for a short while and re-appear again.
-
-
Just noticed latest MikroTik version 7.8 introduce some DoH fix. Still not sure if the issue is MikroTik and NextDNS?
-
Chris Did you ever figure this out?
-
Rob de Jonge Hi mate, nah. Still experiencing same issue and now when I am experiencing the timeout, webpages doesn't work. Thinking of switching to another provider :(
-
Chris You and me both. Just not sure where to! :)
-
Chris Same problem here.. Is it a known bug? working with other DoH-Providers (working without problems!) :-(
-
Chris ..and as a note: it was running for 2 weeks - untill I switch to the paid version today..
-
Chris What IP adresses are you using for "dns.nextdns.io"?
-
Patrick De Zordo Hi Patrick, find the attached IP's below...
-
Patrick De Zordo The same with me, all started when I switched to paid version.....
-
Chris from which country are you using nextdns?
-
Patrick De Zordo Australia
-
Chris could you try the following IPs?
207.148.84.39, 103.1.213.21 for dns.nextdns.io
-
Patrick De Zordo Thanks Patrick, changed the IP as suggested. Will report back....
-
Patrick De Zordo Still having issues as per the screenshot attached. As highlighted in the screenshot, MikroTik version 7.9 introduced new features in the DNS settings...... any idea/suggestions of the optimal values??
-
Chris we are using the following settings, and we get just 1-5 timouts a day..
it's not perfect, but "ok" for now..
-
Patrick De Zordo Made the changes and timeout increased....... not sure what more I can do
-
Chris
same issued at Viet Nam, did nextdns change something? -
Anh Vu Hey mate, not sure what NEXTDNS did but it has been a nightmare since the error started filing up log file. To make it worse, this is a paid version and nothing official from NEXTDNS staff!!!
-
Chris
Today, I found reason to make nextdns timeout by enable rule dns in logging. So some device in my home network was tried to connect from their server like bitcoin from china and hongkong. Then I create rule to drop connection from list in firewall then connection timeout reduced.
I'm not good at English, so I hope you guys understand.
-
Anh Vu yeah, we understand!
Since yesterday we are using "ultralow1" and "ultralow2" server IPs for "dns.nextdns.io".
Here in Italy the 2 IPs we are using: 178.255.155.63 and 192.145.127.148 - for now we have had 12 hours without any "timeout" or "connection error". (ROS 7.9 on x86)
Can you check your "utlralow" servers in your country by opening the following page please?
-
Patrick De Zordo how did you obtain IP addresses for "ultralow1/2"? I have attached screenshot from ping.nextdns.io
-
Anh Vu Nice work mate. Anh Vu I have enable DNS logging and I can only see private IP's and not public IP on my list which if blocked the router would break
-
Chris it (should) be documented somewhere; can't find it right now, but it's really simple:
ultralow1=gsl-adl this will become ipv4-gsl-adl-1.edge.nextdns.io => 116.90.72.196
ultralow2=zetta-adl this will become ipv4-zetta-adl-1.edge.nextdns.io => 119.252.93.133
So just use the 2 IPs for 2 static DNS records for "dns.nextdns.io", and configure DNS parameters as in my screenshots.
Then try to observe if it is working better..?
-
Patrick De Zordo you guys can get IP for ultralow and other servers from this site: http://router.nextdns.io/?limit=20&stack=dual
-
Chris this can be DoH issued on your mikrotik. This certificate's broken. You can try to delete it from System > Certificates.
Also, no more DoH issues on my home network since I blocked all unauthorized IPs from China and HongKong. I'm very happy now :)
I'm using 2 ultralow server and zepto-sin
My dns settings
-
Anh Vu Thanks, didn't know this..
-
Patrick De Zordo Legend! I have set those IP's now and will report back. Thanks mate.....
-
Chris Nice!
don't forget to set this values mate.. -
Anh Vu Nice one mate.
-
Patrick De Zordo Have set them now. Great to see community (You and @Ann Vu) helping to resolve the issue
.... one wonders if NEXTDNS support even exist 
!!!
-
-
It's really frustrating.. we are now also (again) having outages..
Why ist no NextDNS Staff reading this posts?
Actually trying with this settings, and it's "better" than before, but not good at all...
RouterOS 7.9
-
Patrick De Zordo I agree mate, NEXTDNS staff MUST do better.......this has been an issue for a while yet nothing from the company!!!! Yet it's paid version, go figure!
-
-
Configs: ip dns pr
servers:
dynamic-servers:
use-doh-server: https://dns.google/dns-query
verify-doh-cert: yes
allow-remote-requests: yes
max-udp-packet-size: 50000
query-server-timeout: 2s
query-total-timeout: 10s
max-concurrent-queries: 1048576
max-concurrent-tcp-sessions: 1000000
cache-size: 1953163KiB
cache-max-ttl: 1w
cache-used: 22294KiB-
Ronnie Barnett Gidday mate, does NEXTDNS support the use of Google DNS DOH servers? How about certificates, are they included by default on MikroTik routers?
-
