NextDNS completely stopped working in pfsense - network down
I have been using nextdns for almost a year using pfsense as my router. It has been working well but today, nothing would work. No DNS could be resolved on any device within the network - all devices use pfsense for DNS resolution. I have not changed any settings in pfsense recently.
pfsense gave the error "can't find domain.abc: Server Failed".
I have had to remove the nextdns setting in the Custom Options and default to Quad 9 in the system settings. Then everything works again.
DNS Custom Options were:
server:
server:
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 45.90.28.0#Router-b25a13.dns1.nextdns.io
forward-addr: 2a07:a8c0::#Router-b25a13.dns1.nextdns.io
forward-addr: 45.90.30.0#Router-b25a13.dns2.nextdns.io
forward-addr: 2a07:a8c1::#Router-b25a13.dns2.nextdns.io
server:include: /var/unbound/pfb_dnsbl.*conf
13 replies
-
I have now configured pfsense to use Quad9 DoT service and it works fine on port 853.
As soon as I put the NextDNS options back in, DNS stops working.
-
What do you get for https://test.nextdns.io?
-
Do you have DNSSEC validate turned on? If yes, does it work without it?
-
I just had the same problem today on pfsense. Actually, if I disable DNSSEC on the pfsense it works. Does this mean that we can't have DNSSEC with pfsense and nextdns?
-
Thank you all for your suggestions - since it is late here (9pm on a Saturday night), I will work through these tomorrow and report back. I don't have TLS verification turned on (under System > General Setup).
I imagine with the "What do you get for https://test.nextdns.io" I would need to run that when NextDNS is configured.
-
There is an issue with DNSSEC in our last build. We are rolling back and will fix it. Please note that you should not enable DNSSEC validation on the client with a DNS filter like us and TLS; it will break some features and make things slower, and we do it for you anyway.
-
Switched back to NextDNS and all seems to be working now. I get a good response from https://test.nextdns.io, Protocol DoT etc., and DNS resolution now works.
-
@alexic008 Enable DNSSEC works for me now that the issue has been fixed - I have my "Enable DNSSEC Support" ticked.
-
We are rolling out yesterday's version again, but with a fix for this DNSSEC issue. Please report if you see anything wrong.
-
yes in the Reactivan is good today
-
Mine works on the PC/router now, but the phone reports that it can't connect to the Private DNS on Android now.
-
@nextdns I have noticed over the last couple of days an increased number of NXDOMAIN responses, which have occurred for various popular sites.
Not sure if this is linked, but for example, I sometimes now get an NXDOMAIN response for www.bbc.co.uk, which I never had in the past. Usually this lasts for a couple of minutes, leaving me unable to access the site, and then goes away and I can access it again. This only seems to have occurred in the last few days.
-
I am suffering with the same issue - and this is happening more and more often on my connection at home.
I have an internet connection - tracert and traceroute confirm it. I have been forced to turn off DoT on my home devices and use ordinary DNS.