
Short-term outages with DoT

I have set up the "DNS-over-TLS/QUIC" address in my Android smartphone as "private DNS" and also in the router for the home network. Basically, the service works very well, but several times a day I have short-term outages of up to 30 seconds on all end devices, both at home and mobile, during which no address can be resolved.

The problem apparently only occurs with the natively supported protocol DoT. If I only enter the unencrypted IPv6 DNS server in the router, I cannot determine any comparable failures so far.

https://nextdns.io/diag/6bddc480-68e8-11ec-987f-9119e8b922f7

29 replies

    • Koboldchen
    • 2 yrs ago

    The problem also exists via smartphone in the mobile network - so I can rule out the router as the sole source of the error.

    As a temporary measure, I now use the DoH entry on the systems that natively support it (Chrome, Windows 11). This way, uninterrupted web browsing is at least possible. However, I do not consider this setup ideal. I do not want to install additional apps and they are not available everywhere (e.g. router).

    • A_B
    • 2 yrs ago

    I've got the same issue, router-based DNS-over-TLS. ping.nextdns shows as if anycast servers have appeared to be dead.

    • user1
    • 2 yrs ago

    I have a Netgate pfSense router experiencing the same issues with DoT configs, except my outages are for longer periods of time, sometimes up to 10 minutes.

    Not only is my router unable to resolve addresses, the two iPhones I have in the house directed to NextDNS DoT DNS servers were not resolving.

    After complaints from family members about TVs, laptops, etc. not working, I had to divert to the plain-text configs.

    Also, this isn’t a new issue. It appears often and it’s quite annoying.

      • user1
      • 2 yrs ago

      JCVR 

      I cannot confirm that but I will. I’ve just been lazy and put all my eggs in the NextDNS basket, trusting it would work. Perhaps I’ll see the same issue with other providers, I don’t know, but I’ll switch to AdGuard to compare stability.

    • teal_rabbit
    • 2 yrs ago

    The last time this happened it was an issue with Stubby not gracefully handling slow handshakes with NextDNS, which was supposed to be fixed, but I do know there was an issue filed on the Stubby GitHub regarding this as well.

    TLS Connection Failures - Stubby - Bug Reports - NextDNS Help Center

    • Koboldchen
    • 2 yrs ago

    I have now tested personal AdGuard DNS beta intensively for two days. No timeouts via DoT so far, neither natively via my Android smartphone nor via my router. Also, the name resolution seems a little bit faster to me, but may just be imagination.

    The range of functions of AdGuard DNS is still quite limited. The interface is also not as innovative and clear as NextDNS. Yet!

    So @NextDNS, use your advantage over the upcoming competition and finally fix the problems with DoT! :-) I would like to stay here as paying customer.

      • NextDNs
      • 2 yrs ago

      Koboldchen can you please try with anycast.dns.nextdns.io and tell us if you can reproduce the issue?

      • Koboldchen
      • 2 yrs ago

      NextDNS Yes, it happened again right now on my smartphone at 8:37:04 a.m. CET accessing golem.de from IP 109.250.66.1 / 2001:9e8:2706:3800:b9f2:5812:d8b4:68d5.

      • NextDNs
      • 2 yrs ago

      Koboldchen we will deploy a tentative fix today, I’ll keep you posted.

      • NextDNs
      • 2 yrs ago

      JCVR there is no known issue with DoH. This is a potential fix for DoT although we couldn’t reproduce the issue so we need field testing to confirm.

      • NextDNs
      • 2 yrs ago

      JCVR it's fully deployed, please tell us if you see improvement or not.

      • Koboldchen
      • 2 yrs ago

      NextDNS Thank you very much! I'll check it out and get back to you.

      • Pro.1
      • 2 yrs ago

      Everything is the same as before

      I just could not open the sites, after 3 seconds it worked. Then the same with other sites.

       

      NextDNS

      • teal_rabbit
      • 2 yrs ago

      NextDNS Not the OP, but still having timeout issues with using DoT on ASUS-Merlin.

      • NextDNs
      • 2 yrs ago

      Thanks for testing. Could you please now test with the following hostnames *one at a time* and report if one or the other is fixing the issue:

      • Koboldchen
      • 2 yrs ago

      NextDNS Can also confirm that the fix yesterday didn't solve the problem. Will try the anycast addresses now.

      • Koboldchen
      • 2 yrs ago

      NextDNS Any new knowledge here? As JCVR has already confirmed, there are still infrequently resolving issues with the alternative addresses.

      • NextDNs
      • 2 yrs ago

      JCVR we just pushed another tentative fix, please report if it does change anything.

      • Koboldchen
      • 2 yrs ago

      NextDNS Sorry, just had the next dropout on my phone again (private DNS in Android).

      • NextDNs
      • 2 yrs ago

      JCVR is your script sending queries at a fast pace?

      • NextDNs
      • 2 yrs ago

      JCVR please send me your IP over DM and the output of https://test.nextdns.io so we can investigate.

      • NextDNs
      • 2 yrs ago

      JCVR we think we found the issue. It will be deployed in the next few days. Stay tuned.

      • Koboldchen
      • 2 yrs ago

      NextDNS I can confirm that the problem seems to be fixed for me as well. Thank you very much!

      • teal_rabbit
      • 2 yrs ago

      NextDNS Can you please confirm this has been resolved? "Stay tuned" but no official announcement.

      • NextDNs
      • 2 yrs ago

      BS the issue has been fixed. We communicated on the other thread: https://help.nextdns.io/t/x2hfpfk/nextdns-down
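
Added example, not part of the thread and not NextDNS's own tooling: a small Python probe that performs one DoT lookup (port 853, 2-byte length framing per RFC 7858) and times the TCP connect, the TLS handshake and the query separately, so a dropout like the ones reported above can be attributed to a stage. The function names, the test name `example.com`, the 5-second timeout and the 30-second interval are assumptions.

```python
import socket, ssl, struct, time

def build_query(name, qid=0x1234, qtype=1):
    """A-record query in DNS wire format, with the 2-byte length prefix DoT uses."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)       # class IN
    return struct.pack("!H", len(msg)) + msg

def parse_reply(msg, qid):
    """Return (rcode, answer_count) for an unframed reply; reject anything else."""
    if len(msg) < 12:
        raise ValueError("reply shorter than a DNS header")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return flags & 0x000F, an

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection mid-message")
        buf += chunk
    return buf

def probe(host, name="example.com", timeout=5.0, qid=0x1234):
    """One DoT lookup; reports the stage reached and per-stage timings in seconds."""
    r = {"stage": "connect", "connect_s": None, "handshake_s": None, "query_s": None}
    ctx = ssl.create_default_context()          # verifies certificate and hostname
    try:
        t0 = time.monotonic()
        with socket.create_connection((host, 853), timeout=timeout) as raw:
            t1 = time.monotonic(); r.update(stage="handshake", connect_s=t1 - t0)
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                t2 = time.monotonic(); r.update(stage="query", handshake_s=t2 - t1)
                tls.sendall(build_query(name, qid))
                (length,) = struct.unpack("!H", recv_exact(tls, 2))
                rcode, answers = parse_reply(recv_exact(tls, length), qid)
                r.update(stage="done", query_s=time.monotonic() - t2, rcode=rcode, answers=answers)
    except (OSError, ValueError) as exc:        # timeouts and TLS errors are OSError subclasses
        r["error"] = repr(exc)
    return r

if __name__ == "__main__":
    HOST = "anycast.dns.nextdns.io"  # hostname mentioned in the thread; use your own DoT endpoint
    while True:
        print(time.strftime("%H:%M:%S"), probe(HOST))
        time.sleep(30)
```

A result whose `stage` stays at `handshake` points at the TLS setup rather than at resolution itself, which is the distinction the Stubby slow-handshake report in the thread turns on.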

Status: Fixed