3

No reply from NextDns.IO DNS Servers on Windows with YogaDNS

The problem started this morning (approx. 9:10 CET). We are not able to lookup DNS using the assigned DNS servers of NextDNS. If we revert to the DNS Servers of our ISP or Google DNS (8.8.8.8) everything work fine. 

Any input on how to investigate an solve? Thank you!

22replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • Similar here.

    Like 1
      • crssi
      • crssi
      • 1 mth ago
      • 1
      • Reported - view

      The problem is (also) the whole family went on me. Won't say anything more at this point since I am angry like hell and I would regret it after.

      Like 1
  • Same here. Every day there is a 10+ minute window when it doesn't work.

    This service is not worth paying for :(

    Like
  • We've also been seeing this, starting this morning or possibly even yesterday evening in the central United States (Texas). Timeouts on DNS over HTTPS queries. This is affecting several—but not all—users at different locations in the area. For other users it's working fine, so I'm guessing the problem is with a few particular servers in NextDNS's infrastructure. Affected users have switched to another DNS resolver as a temporary workaround.

    Like
    • Clarence how do you connect to NextDNS?

      Like
      • Clarence
      • Clarence
      • 1 mth ago
      • Reported - view

      NextDNS We're using YogaDNS—various versions from 1.15–1.19—with the DNS server set up as type NextDNS, our configuration ID, and 'Use Ultra-Low Latency Network' unchecked. Windows 10 20H2. Like I mentioned, some computers (all using the same configuration) are fine, whereas others see only timeouts from NextDNS. I'll try with the ultra-low latency network option checked and see if that makes any difference.

      Like
    • Clarence please provide a https://nextdns.io/diag

      Like
  • Please provide information about your setup.

    Like
      • Clarence
      • Clarence
      • 1 mth ago
      • Reported - view

      NextDNS An update on this. The ultra-low latency network option doesn't have an effect on the problem. When I ran the diag tool from an affected computer it only used anexia-dal, and the 'Pinging PoPs' section is empty. I had to change my DNS resolver to something besides NextDNS for the utility to work properly, otherwise it couldn't resolve the server names. On a computer unaffected by the problem (it's using a different network and gateway, also a unix-based OS, not Windows) the diag tool returned 10 different servers in the 'Pinging PoPs' section.

      I submitted both of these reports via the diag tool. The first two letters of my email are 'jg' if this helps identify them. The first one is the problem one.

      Like
      • Clarence
      • Clarence
      • 1 mth ago
      • Reported - view

      I ran the diag tool on a third computer, with the same setup as the first, problematic one (same network, YogaDNS config, Windows 10, etc.). Only this one has no problems resolving through NextDNS. I submitted its report as well, though I'm stumped as to what the difference is between the first (not working) and third (working).

      Like
      • JG
      • sapphire_pen
      • 1 mth ago
      • Reported - view

      Clarence I found you can temporarily work around this by adding a new server in YogaDNS > DNS servers with DNS over TLS as the protocol and changing the target server in the Rules tab. The NextDNS protocol config in YogaDNS seems to be the issue here.

      Like
    • Clarence with nextdns disabled, can you load those two links correctly on the failing windows:

      And if you type this in a powershell, what do you get on both working and non-working windows:

      Get-ChildItem cert:\LocalMachine\root | Select-String "ISRG Root X1"
      Like
      • Clarence
      • Clarence
      • 1 mth ago
      • Reported - view

      NextDNS I noticed around mid afternoon (U.S. CDT) that the test computer which earlier had had the problem started working fine. I haven't tried it again this evening, but I did set up another computer with a fresh install of Windows 10 and YogaDNS 1.19 and when I first tried it it clearly exhibited the problem. All DNS requests were timing out.

      One of the early lines in the log was this (config ID and machine name redacted): 

      DnsCrypt log: Get https://dns.nextdns.io/XXXXX/YYYYY?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABAVSeyoQZK-BCF19wxXfaIK: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

       

      Now to answer your question, I switched DNS resolvers. The two letsencrypt.org URLs loaded fine in Chrome. (The 2nd one gave a SEC_ERROR_UNKNOWN_ISSUER warning in Firefox 89.)

      The PowerShell command returned the same thing on both this new computer which had just exhibited the problem and on the other that's been working properly all day.

      [Subject]
        CN=ISRG Root X1, O=Internet Security Research Group, C=US
      [Issuer]
        CN=ISRG Root X1, O=Internet Security Research Group, C=US
      [Serial Number]
        008210CFB0D240E3594463E0BB63828B00
      [Not Before]
        6/4/2015 6:04:38 AM
      [Not After]
        6/4/2035 6:04:38 AM
      [Thumbprint]
        CABD2A79A1076A31F21D253635CB039D4329A5E8

      After this I tried NextDNS again on the freshly installed computer and now it's working fine. So who knows...

      Like
  • I have this issue too, on my Windows 10 laptop, accessing NextDNS via YogaDNS with the dedicated NextDNS server protocol option.

    • Responses are intermittent. Some are successful while most timeout. There is no pattern to which domains are and are not getting responses: some domains are both successfully resolved and timeout at different times.
    • Deleting the NextDNS rule and reverting to the default causes all requests to be successful.
    • Adding a new server using the DNS over TLS protocol and NextDNS as the target causes all requests to be successful, as expected.
    • My phone using DNS over TLS in Android's private DNS setting also works as expected.

    I did get this message in the log:

    > DnsCrypt log: Get https://dns.nextdns.io/[ID redacted]/[Device Name]?dns=[Long ID redacted]: x509: certificate signed by unknown authority

    YogaDNS 1.19 / Driver Version 117 as displayed in the log

    Like
  • Hi all -- I wanted to jump on here and report the same issue. Earlier this morning (~7:30 pacific) neither of my Windows PCs using the most recent YogaDNS client could resolve DNS, but my iOS device was fine. I didn't have time to troubleshoot since I had a meeting to get to, but quitting YogaDNS "fixed" it. IIRC I came across a reddit post about this as well where someone reinstalled YogaDNS and it started working again. Maybe related to recent cert updates announced on 5/31?

    Like
  • I'll also try to diag the problems next time it occurs in Switzerland. 

    Like
  • I believe I’ve run into this again this morning. Is this a known/ongoing issue, and/or anything other than what’s outlined above that I could do to permanently resolve it?

    Like
      • Clarence
      • Clarence
      • 11 days ago
      • Reported - view

      Jason Heyd Yes, I'm also getting reports of this again from a few users, starting yesterday. No configuration changes on our end, so I really think it's something NextDNS needs to fix on theirs. The first time it both came and eventually went away without me changing anything either.

      Like
      • Jason Heyd
      • JasonHeyd
      • 11 days ago
      • Reported - view

      Clarence  Thanks.

      nextdns Any insight/progress on what’s happening, why, or how to resolve it?

      Like
  • I had the same problem with YogaDNS, but it seems to working again for me. I am experiencing some high ping times from my fortigate. It happened exactly when YogaDNS starting getting timeouts.

    Like
Like3 Follow
  • 3 Likes
  • 11 days agoLast active
  • 22Replies
  • 239Views
  • 9 Following