3

"Private DNS" on Android and pfSense DNS setup conflict?

Hello,

I use NextDNS's DNS, both on the "Private DNS" setting on my Android phone, and on the DNS Resolver custom option of my pfSense router.

It worked for months together (I use my NextDNS phone config , both on 4G and when I'm connected to my router.).

But since a few hours today, without any configuration modifications,  my phone tell me no internet connection when I'm connected to the router.

It work great on another wifi (without NextDNS setting), or on my wifi (with nextDNS Settings) but only if I disabled the "Private DNS" setting.

I don't know why...

Is there a conflict when we use both NextDNS setting on router AND on phone together?

Thank you,

45replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • From your android, what do you get for https://test.nextdns.io

    Like
      • fwehrle
      • fwehrle
      • 2 yrs ago
      • 1
      • Reported - view

      Olivier Poitrey thank you for replying :)

      On 4g with private DNS :

      {
      "status": "ok",
      "protocol": "DOT",
      "configuration": "fpb9d8a0772d538e04",
      "client": "redacted",
      "destIP": "45.90.28.0",
      "server": "netbarista-par-1",
      "clientName": "unknown-dot"
      }
      On Wifi (so with router DNS resolver with NextDNS) AND with no "private DNS" android setting :
      {
      "status": "ok",
      "protocol": "DOT",
      "configuration": "fp63ff6da8091c759a",
      "client": "redacted",
      "destIP": "45.90.28.0",
      "server": "netbarista-par-1",
      "clientName": "unknown-dot"
      }

      And I cannot test on wifi AND private DNS, because these is no DNS resolving (that's the problem I describe here), so no internet :D

      Like 1
  • I don't know if it's important but I use mutiwan on router (ADSL, 4G and VPN).  And pfSense ask for DNS on all interfaces. (But it was working like this for months..)

    Like
  • Can you dig you pfSense for dns.nextdns.io please?

    Like
  • A DNs Lookup on pfSense?

    Result :

    Results

    ResultRecord type

    37.252.225.79 A
    193.168.204.73 A
    2a00:11c0:2:998::3 AAAA
    2a0e:9900::1:0:0:1:2 AAAA

    Timings

    Name serverQuery time

    127.0.0.1 159 msec
    45.90.28.181 151 msec
    45.90.28.42 183 msec
    45.90.30.42 292 msec

    Or do you need a dig command?

    Like
  • Shell Output for drill -V5 -T dns.nextdns.io :

    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
    ;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; . IN NS
    
    ;; ANSWER SECTION:
    
    ;; AUTHORITY SECTION:
    
    ;; ADDITIONAL SECTION:
    
    ;; Query time: 0 msec
    ;; WHEN: Mon Dec 21 19:01:41 2020
    ;; MSG SIZE  rcvd: 0
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
    ;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; 42.83.7.199.in-addr.arpa. IN PTR
    
    ;; ANSWER SECTION:
    
    ;; AUTHORITY SECTION:
    
    ;; ADDITIONAL SECTION:
    
    ;; Query time: 0 msec
    ;; WHEN: Mon Dec 21 19:01:42 2020
    ;; MSG SIZE  rcvd: 0
    . 518400 IN NS a.root-servers.net.
    . 518400 IN NS b.root-servers.net.
    . 518400 IN NS c.root-servers.net.
    . 518400 IN NS d.root-servers.net.
    . 518400 IN NS e.root-servers.net.
    . 518400 IN NS f.root-servers.net.
    . 518400 IN NS g.root-servers.net.
    . 518400 IN NS h.root-servers.net.
    . 518400 IN NS i.root-servers.net.
    . 518400 IN NS j.root-servers.net.
    . 518400 IN NS k.root-servers.net.
    . 518400 IN NS l.root-servers.net.
    . 518400 IN NS m.root-servers.net.
    ;; Received 492 bytes from 199.7.83.42#53(l.root-servers.net.) in 45 ms
    
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
    ;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; dns.nextdns.io. IN A
    
    ;; ANSWER SECTION:
    
    ;; AUTHORITY SECTION:
    
    ;; ADDITIONAL SECTION:
    
    ;; Query time: 0 msec
    ;; WHEN: Mon Dec 21 19:01:46 2020
    ;; MSG SIZE  rcvd: 0
    io. 172800 IN NS a2.nic.io.
    io. 172800 IN NS b0.nic.io.
    io. 172800 IN NS c0.nic.io.
    io. 172800 IN NS a0.nic.io.
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
    ;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; 17.148.36.192.in-addr.arpa. IN PTR
    
    ;; ANSWER SECTION:
    
    ;; AUTHORITY SECTION:
    
    ;; ADDITIONAL SECTION:
    
    ;; Query time: 0 msec
    ;; WHEN: Mon Dec 21 19:01:46 2020
    ;; MSG SIZE  rcvd: 0
    ;; Received 284 bytes from 192.36.148.17#53(i.root-servers.net.) in 38 ms
    
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
    ;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; dns.nextdns.io. IN A
    
    ;; ANSWER SECTION:
    
    ;; AUTHORITY SECTION:
    
    ;; ADDITIONAL SECTION:
    
    ;; Query time: 0 msec
    ;; WHEN: Mon Dec 21 19:01:46 2020
    ;; MSG SIZE  rcvd: 0
    nextdns.io. 86400 IN NS dawn.ns.cloudflare.com.
    nextdns.io. 86400 IN NS lee.ns.cloudflare.com.
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
    ;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; 17.161.22.65.in-addr.arpa. IN PTR
    
    ;; ANSWER SECTION:
    
    ;; AUTHORITY SECTION:
    
    ;; ADDITIONAL SECTION:
    
    ;; Query time: 0 msec
    ;; WHEN: Mon Dec 21 19:01:46 2020
    ;; MSG SIZE  rcvd: 0
    ;; Received 86 bytes from 65.22.161.17#53(b0.nic.payu.) in 200 ms
    
    nextdns.io. 86400 IN NS dawn.ns.cloudflare.com.
    nextdns.io. 86400 IN NS lee.ns.cloudflare.com.
    dawn.ns.cloudflare.com.;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
    ;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; dawn.ns.cloudflare.com. IN AAAA
    
    ;; ANSWER SECTION:
    
    ;; AUTHORITY SECTION:
    
    ;; ADDITIONAL SECTION:
    
    ;; Query time: 0 msec
    ;; WHEN: Mon Dec 21 19:01:48 2020
    ;; MSG SIZE  rcvd: 0
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
    ;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; dawn.ns.cloudflare.com. IN A
    
    ;; ANSWER SECTION:
    
    ;; AUTHORITY SECTION:
    
    ;; ADDITIONAL SECTION:
    
    ;; Query time: 0 msec
    ;; WHEN: Mon Dec 21 19:01:48 2020
    ;; MSG SIZE  rcvd: 0
    nextdns.io. 86400 IN NS dawn.ns.cloudflare.com.
    nextdns.io. 86400 IN NS lee.ns.cloudflare.com.
    lee.ns.cloudflare.com.;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
    ;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; lee.ns.cloudflare.com. IN AAAA
    
    ;; ANSWER SECTION:
    
    ;; AUTHORITY SECTION:
    
    ;; ADDITIONAL SECTION:
    
    ;; Query time: 0 msec
    ;; WHEN: Mon Dec 21 19:01:48 2020
    ;; MSG SIZE  rcvd: 0
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
    ;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; lee.ns.cloudflare.com. IN A
    
    ;; ANSWER SECTION:
    
    ;; AUTHORITY SECTION:
    
    ;; ADDITIONAL SECTION:
    
    ;; Query time: 0 msec
    ;; WHEN: Mon Dec 21 19:01:48 2020
    ;; MSG SIZE  rcvd: 0
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
    ;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; dns.nextdns.io. IN A
    
    ;; ANSWER SECTION:
    
    ;; AUTHORITY SECTION:
    
    ;; ADDITIONAL SECTION:
    
    ;; Query time: 0 msec
    ;; WHEN: Mon Dec 21 19:01:48 2020
    ;; MSG SIZE  rcvd: 0
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
    ;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; dns.nextdns.io. IN A
    
    ;; ANSWER SECTION:
    
    ;; AUTHORITY SECTION:
    
    ;; ADDITIONAL SECTION:
    
    ;; Query time: 0 msec
    ;; WHEN: Mon Dec 21 19:01:48 2020
    ;; MSG SIZE  rcvd: 0
    dns.nextdns.io. 300 IN A 45.90.30.0
    dns.nextdns.io. 300 IN A 45.90.28.0
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
    ;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; 106.58.245.173.in-addr.arpa. IN PTR
    
    ;; ANSWER SECTION:
    
    ;; AUTHORITY SECTION:
    
    ;; ADDITIONAL SECTION:
    
    ;; Query time: 0 msec
    ;; WHEN: Mon Dec 21 19:01:48 2020
    ;; MSG SIZE  rcvd: 0
    ;; Received 64 bytes from 173.245.58.106#53(dawn.ns.cloudflare.com.) in 26 ms
    Like
    • fwehrle from a host on your network, do:

      dig @pfsense-ip dns.nextdns.io
      Like
  • Oh sorry, of course :

     

    dig @192.168.1.1 dns.nextdns.io

    ; <<>> DiG 9.10.6 <<>> @192.168.1.1 dns.nextdns.io
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54436
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;dns.nextdns.io.            IN    A
    ;; Query time: 124 msec
    ;; SERVER: 192.168.1.1#53(192.168.1.1)
    ;; WHEN: Mon Dec 21 21:12:07 CET 2020
    ;; MSG SIZE  rcvd: 43
    
    Like
    • fwehrle do you have cname folding enabled in settings?

      Like
      • fwehrle
      • fwehrle
      • 2 yrs ago
      • Reported - view

      Olivier Poitrey No. Nor on the phone settings, nor on the router's setting.

      (I have 2 differents NextDNS settings for phone and router)

      Like
    • fwehrle do you have DNSSEC validation enabled on pfSense?

      Like
      • fwehrle
      • fwehrle
      • 2 yrs ago
      • Reported - view

      Olivier Poitrey Yes

      Like
    • fwehrle can you please disable it. It shouldn't create an issue with this domain, but it won't work with DNS filtering anyway. Once done, please repeat the same dig and provide the output.

      Like
  • Ok.. I think I understand.

    I never had more than 3-4% of DNSSEC request in NextDNS logs. that's why..

    But the DNSSEC setting was on since months. Why is it broken only today?

    Do you change something on your side?

    Like
    • fwehrle yes, we working on a change that might create this issue, so debugging output would help us understand.

      Like
      • fwehrle
      • fwehrle
      • 2 yrs ago
      • Reported - view

      Olivier Poitrey 

      Ok, good new. Ask me if you need to debug some things.

      Is there a solution to enable DNSSEC both on router, on phone, AND on phone when connected to the router wifi?

      It's look like there is no DNSSEC on router anymore (but it is normal as I disabled it on DNS resolver :)

      Like
    • fwehrle you can help by providing the output of the dig command that was failing before.

      Regarding DNSSEC, we are validating DNSSEC for you. As we need to modify responses for filtering, it is discouraged to validate DNSSEC on the client as validation will break when a domain is blocked or rewritten (rewrite feature, safe search feature etc.).

      Like 1
  • I juste uncheck this setting in pfSense and now it works on the phone again. Thank you

    Like
  • Et voila :

    dig @192.168.1.1 dns.nextdns.io

    ; <<>> DiG 9.10.6 <<>> @192.168.1.1 dns.nextdns.io
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51419
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;dns.nextdns.io.            IN    A

    ;; ANSWER SECTION:
    dns.nextdns.io. 60 IN A 37.252.225.79
    dns.nextdns.io. 60 IN A 193.168.204.73

    ;; Query time: 111 msec
    ;; SERVER: 192.168.1.1#53(192.168.1.1)
    ;; WHEN: Mon Dec 21 23:17:58 CET 2020
    ;; MSG SIZE  rcvd: 75

    Like
  • I've noticed android devices have not had connectivity for approximately 36 hours. I use a similar setup as Fwehrle. Turning off DNSSEC in PfSense does not eliminate the "Private server cannot be accessed" message on android users devices. Any other thoughts for how to solve this?

    Thanks

    With DNSSEC enabled:

    ; <<>> DiG 9.14.12 <<>> 192.168.1.1 dns.nextdns.io
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13674
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;192.168.1.1. IN A
    
    ;; AUTHORITY SECTION:
    . 1274 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020122101 1800 900 604800 86400
    
    ;; Query time: 52 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Dec 21 19:31:34 PST 2020
    ;; MSG SIZE rcvd: 115
    
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 46083
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;dns.nextdns.io. IN A
    
    ;; Query time: 656 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Dec 21 19:31:35 PST 2020
    ;; MSG SIZE rcvd: 43
    

     

    With DNSSEC disabled:

    ; <<>> DiG 9.14.12 <<>> 192.168.1.1 dns.nextdns.io
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 510
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;192.168.1.1.INA
    
    ;; AUTHORITY SECTION:
    .1242INSOAa.root-servers.net. nstld.verisign-grs.com. 2020122101 1800 900 604800 86400
    
    ;; Query time: 43 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Dec 21 19:39:46 PST 2020
    ;; MSG SIZE  rcvd: 115
    
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57872
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;dns.nextdns.io.INA
    
    ;; ANSWER SECTION:
    dns.nextdns.io.60INA162.220.221.25
    dns.nextdns.io.60INA45.32.79.76
    
    ;; Query time: 43 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Dec 21 19:39:46 PST 2020
    ;; MSG SIZE  rcvd: 75
    
    Like
    • eBKv6q you forgot the @ before the IP of you router in the dig command. Can you try with it please?

      Like
      • eBKv6q
      • eBKv6q
      • 2 yrs ago
      • Reported - view

      Olivier Poitrey oops sorry

      With DNSSEC enabled:

      ; <<>> DiG 9.14.12 <<>> @192.168.1.1 dns.nextdns.io
      ; (1 server found)
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 26573
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
      
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 4096
      ;; QUESTION SECTION:
      ;dns.nextdns.io.INA
      
      ;; Query time: 522 msec
      ;; SERVER: 192.168.1.1#53(192.168.1.1)
      ;; WHEN: Tue Dec 22 18:51:50 PST 2020
      ;; MSG SIZE  rcvd: 43
      

       

      With DNSSEC disabled:

      ; <<>> DiG 9.14.12 <<>> @192.168.1.1 dns.nextdns.io
      ; (1 server found)
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63676
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
      
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 4096
      ;; QUESTION SECTION:
      ;dns.nextdns.io.INA
      
      ;; ANSWER SECTION:
      dns.nextdns.io.60INA162.220.221.25
      dns.nextdns.io.60INA45.32.79.76
      
      ;; Query time: 43 msec
      ;; SERVER: 192.168.1.1#53(192.168.1.1)
      ;; WHEN: Tue Dec 22 18:50:45 PST 2020
      ;; MSG SIZE  rcvd: 75
      

      Thanks

      Like
    • eBKv6q so same problem, please disable DNSSEC validation and it should work.

      Like
      • eBKv6q
      • eBKv6q
      • 2 yrs ago
      • Reported - view

      Hi Olivier Poitrey , I've disabled DNSSEC but android devices are still showing the same error. I'm testing with a Pixel 3, I've tried restarting the device and turning Private DNS off and back on. As soon as I hit Save it says it couldn't connect to the private DNS server.

      Thanks

      Like
  • Please unable to connect private dns since a week on nokia android 10. It always says no internet but was working flawlessly since 8 months. Is their any fix or when issue resolved

    Like
  • Olivier Poitrey following up on this. I last posted on Dec 23rd. A few days later the issue went away with no configuration changes on my end. I assumed something was adjusted in NextDNS. As of approximately 12 hours ago the "Private DNS cannot be accessed" message is back for android devices.

    Thanks

    Like
    • eBKv6q do you have cname flattening enabled in the settings tab?

      Like
      • eBKv6q
      • eBKv6q
      • 2 yrs ago
      • Reported - view

      Olivier Poitrey the CNAME Flattening setting is disabled. Thanks

      Like
    • eBKv6q was it disabled, or disabling it fixed the issue?

      Like
      • eBKv6q
      • eBKv6q
      • 2 yrs ago
      • Reported - view

      Olivier Poitrey Sorry, to clarify the CNAME Flattening setting is and always was disabled for my account. The problem is still occurring.

      Like
    • eBKv6q do you have dnssec validation setup on your router? Does it fix if you disable (I know you tried in the past, but this is a different issue).

      Like
      • eBKv6q
      • eBKv6q
      • 2 yrs ago
      • Reported - view

      Olivier Poitrey I still have dnssec disabled on the router. Its been off since my initial post on Dec 23rd.

      Like
    • eBKv6q If your using Pfsense then it's probably Pfsense and not NextDNS. Your android devices are not being allowed to reach the surface. It stays within the local network. Adjustments would need to be made to allow your devices to get through Pfsense or it will be automatically blocked.

      Like
  • Any updates on this issue? I've experienced the same "Private server cannot be accessed" on android devices for the last 2 weeks.

    Thanks

    Like
  • I have been experiencing the same "Private server cannot be accessed" error, with no changes having been made on my network.  I am on Verizon FiOS and using the G1100 router. 

    I am not aware of any way to enable dnssec on the router.  Also, I have CNAME flattening disabled.

    Any other suggestions on resolving this?

    Like
    • wTm5PK Can you try:

      1. Using "dns.nextdns.io"

      2. Using "anycast.dns.nextdns.io"

      And for which one(s) you're getting the issue?

      Like
      • eBKv6q
      • eBKv6q
      • 2 yrs ago
      • 1
      • Reported - view

      Romain Cointepas can you clarify what we should be trying? Should we visit the two URLs in our browser, or try swapping Android Private DNS to the format device-ID.anycast.dns.nextdns.io rather than the normal device-ID.dns.nextdns.io ?

      Thanks

      Like 1
      • wTm5PK
      • wTm5PK
      • 2 yrs ago
      • Reported - view

      Romain Cointepas anycast.dns.nextdns.io fails to connect consistently, but I have never used that prior to the test you suggested.

      I was originally using dns.nextdns.io when receiving the error. It appears to be working now, but I was sometimes able to get it to work by manually switching from dns.nextdns.io to hardcoding dns2.nextdns.io.

      Like
    • eBKv6q They are connections made to the URLs. Just testing to see if a valid connection can be established. If not, well then there's a problem.

      Like
  • El mismo problema, conectado a red wifi no conecta el dns privado y tampoco tengo acceso a la red.

    Like
  • Hello,

    Is there any update on this or additional information we can provide to troubleshoot?

    Thanks

    Like
  • Hi guys,

    Since a few days, witout any settings changes, this troubles append again.

    I double check my router's and nextdns settings :  dnssec option is disabled, and cname flat too.

    Any changes in your side?

    What can i test/do to solve my problem?

    Thank you very much, and have a nice day

    Like
  • Thank you.

    I don't know if it apply, since I don't know how to check the CA on pfSense.

    I ask for it on the other post. Wait and see..

    Like
Like3 Follow
  • 3 Likes
  • 1 yr agoLast active
  • 45Replies
  • 1441Views
  • 9 Following