NextDNS completely stopped working in pfsense - network down
I have been using nextdns for almost a year using pfsense as my router. It has been working well but today, nothing would work. No DNS could be resolved on any device within the network - all devices use pfsense for DNS resolution. I have not changed any settings in pfsense recently.
pfsense can the error "can't find domain.abc: Server Failed"
I have had to remove the nextdns setting in the Custom Options and default to Quad 9 in the system settings. Then everything works again.
DNS Custom Options were:
server:
server:
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 45.90.28.0#Router-b25a13.dns1.nextdns.io
forward-addr: 2a07:a8c0::#Router-b25a13.dns1.nextdns.io
forward-addr: 45.90.30.0#Router-b25a13.dns2.nextdns.io
forward-addr: 2a07:a8c1::#Router-b25a13.dns2.nextdns.io
server:include: /var/unbound/pfb_dnsbl.*conf
13 replies
-
I have now configured pfsense to use Quad9 DoT service and it works fine on port 853.
As soon as I put the NextDNS options back in DNS stops working
-
What do you get for https://test.nextdns.io
-
Do you have DNSSEC validate turned on? If yes, does it work without it?
-
I just had the same problem today on pfsens. actually if I disable DNSSEC on the pfsense it works. does this mean that we can't have dnssec with pfsense and nextdns
-
Thank you all for your suggestions - since it is late here (9pm on a Saturday night), I will work through these tomorrow and report back. I don't have TLS verification turned on (under System > General Setup).
I imagine with the "What do you get for https://test.nextdns.io" I would need to run that when NextDNS is configured
-
There is an issue with DNSSEC in our last build. We are rolling back and will fix it. Please note that you should not enable DNSSEC validation on the client with a DNS filter like us and TLS, it will break some features, make things slower and we do it for you anyway.
-
Switched Back to NextDNS and all seems to be working now, get a good response from https://test.nextdns.io , Protocol DoT etc and DNS resolution now works.
-
@alexic008 Enable DNSSEC works for me now the issue has been fixed - I have my "Enable DNSSEC Support" ticked
-
We are rolling out again our yesterday's version but with a fix for this DNSSEC issue. Please report if you see anything wrong.
-
yes in the Reactivan is good today
-
Mine works on the PC/router now, but the phone reports that it can't connect to the Private DNS on android now
-
@nextdns I have noticed over the last couple of days an increased number of nxdomain responses which has occurred for various popular sites.
Not sure if this is linked but for example, I sometimes now get nxdomain response for www.bbc.co.uk, which I never had in the past. Usually this lasts for a couple of minutes leaving me unable to access the site, and then goes away and I can access it again. This only seems to have occurred in the last few days.
-
I am suffering with the same issue - and this is happening more and more often on my connection at home.
I have internet connection - tracert and traceroute confirms it. I have been forced to turn off DoT on my home devices and use ordinary DNS
Content aside
- 2 yrs agoLast active
- 13Replies
- 903Views
-
6
Following