"Private DNS" on Android and pfSense DNS setup conflict?
Hello,
I use NextDNS's DNS, both on the "Private DNS" setting on my Android phone, and on the DNS Resolver custom option of my pfSense router.
It worked for months together (I use my NextDNS phone config, both on 4G and when I'm connected to my router).
But for a few hours today, without any configuration modifications, my phone tells me there is no internet connection when I'm connected to the router.
It works great on another Wi-Fi (without the NextDNS setting), or on my Wi-Fi (with the NextDNS settings) but only if I disable the "Private DNS" setting.
I don't know why...
Is there a conflict when we use both NextDNS setting on router AND on phone together?
Thank you,
45 replies
-
From your Android, what do you get for https://test.nextdns.io?
-
I don't know if it's important, but I use multi-WAN on the router (ADSL, 4G and VPN), and pfSense asks for DNS on all interfaces. (But it was working like this for months.)
-
Can you dig your pfSense for dns.nextdns.io please?
-
A DNS Lookup on pfSense?
Result:
Results
Result                Record type
37.252.225.79         A
193.168.204.73        A
2a00:11c0:2:998::3    AAAA
2a0e:9900::1:0:0:1:2  AAAA
Timings
Name server   Query time
127.0.0.1     159 msec
45.90.28.181  151 msec
45.90.28.42   183 msec
45.90.30.42   292 msec
Or do you need a dig command?
-
Shell Output for drill -V5 -T dns.nextdns.io :
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; . IN NS
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Dec 21 19:01:41 2020
;; MSG SIZE rcvd: 0
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; 42.83.7.199.in-addr.arpa. IN PTR
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Dec 21 19:01:42 2020
;; MSG SIZE rcvd: 0
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS m.root-servers.net.
;; Received 492 bytes from 199.7.83.42#53(l.root-servers.net.) in 45 ms
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; dns.nextdns.io. IN A
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Dec 21 19:01:46 2020
;; MSG SIZE rcvd: 0
io. 172800 IN NS a2.nic.io.
io. 172800 IN NS b0.nic.io.
io. 172800 IN NS c0.nic.io.
io. 172800 IN NS a0.nic.io.
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; 17.148.36.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Dec 21 19:01:46 2020
;; MSG SIZE rcvd: 0
;; Received 284 bytes from 192.36.148.17#53(i.root-servers.net.) in 38 ms
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; dns.nextdns.io. IN A
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Dec 21 19:01:46 2020
;; MSG SIZE rcvd: 0
nextdns.io. 86400 IN NS dawn.ns.cloudflare.com.
nextdns.io. 86400 IN NS lee.ns.cloudflare.com.
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; 17.161.22.65.in-addr.arpa. IN PTR
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Dec 21 19:01:46 2020
;; MSG SIZE rcvd: 0
;; Received 86 bytes from 65.22.161.17#53(b0.nic.payu.) in 200 ms
nextdns.io. 86400 IN NS dawn.ns.cloudflare.com.
nextdns.io. 86400 IN NS lee.ns.cloudflare.com.
dawn.ns.cloudflare.com.
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; dawn.ns.cloudflare.com. IN AAAA
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Dec 21 19:01:48 2020
;; MSG SIZE rcvd: 0
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; dawn.ns.cloudflare.com. IN A
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Dec 21 19:01:48 2020
;; MSG SIZE rcvd: 0
nextdns.io. 86400 IN NS dawn.ns.cloudflare.com.
nextdns.io. 86400 IN NS lee.ns.cloudflare.com.
lee.ns.cloudflare.com.
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; lee.ns.cloudflare.com. IN AAAA
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Dec 21 19:01:48 2020
;; MSG SIZE rcvd: 0
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; lee.ns.cloudflare.com. IN A
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Dec 21 19:01:48 2020
;; MSG SIZE rcvd: 0
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; dns.nextdns.io. IN A
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Dec 21 19:01:48 2020
;; MSG SIZE rcvd: 0
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; dns.nextdns.io. IN A
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Dec 21 19:01:48 2020
;; MSG SIZE rcvd: 0
dns.nextdns.io. 300 IN A 45.90.30.0
dns.nextdns.io. 300 IN A 45.90.28.0
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; 106.58.245.173.in-addr.arpa. IN PTR
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Dec 21 19:01:48 2020
;; MSG SIZE rcvd: 0
;; Received 64 bytes from 173.245.58.106#53(dawn.ns.cloudflare.com.) in 26 ms
-
Oh sorry, of course :
dig @192.168.1.1 dns.nextdns.io
; <<>> DiG 9.10.6 <<>> @192.168.1.1 dns.nextdns.io
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54436
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns.nextdns.io. IN A
;; Query time: 124 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Dec 21 21:12:07 CET 2020
;; MSG SIZE rcvd: 43
-
OK.. I think I understand.
I never had more than 3-4% of DNSSEC requests in NextDNS logs. That's why..
But the DNSSEC setting was on for months. Why is it broken only today?
Did you change something on your side?
-
I just unchecked this setting in pfSense and now it works on the phone again. Thank you
-
Et voila :
dig @192.168.1.1 dns.nextdns.io
; <<>> DiG 9.10.6 <<>> @192.168.1.1 dns.nextdns.io
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51419
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns.nextdns.io. IN A
;; ANSWER SECTION:
dns.nextdns.io. 60 IN A 37.252.225.79
dns.nextdns.io. 60 IN A 193.168.204.73
;; Query time: 111 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Dec 21 23:17:58 CET 2020
;; MSG SIZE rcvd: 75
-
I've noticed Android devices have not had connectivity for approximately 36 hours. I use a similar setup to Fwehrle. Turning off DNSSEC in pfSense does not eliminate the "Private server cannot be accessed" message on Android users' devices. Any other thoughts on how to solve this?
Thanks
With DNSSEC enabled:
; <<>> DiG 9.14.12 <<>> 192.168.1.1 dns.nextdns.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13674
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;192.168.1.1. IN A
;; AUTHORITY SECTION:
. 1274 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020122101 1800 900 604800 86400
;; Query time: 52 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Dec 21 19:31:34 PST 2020
;; MSG SIZE rcvd: 115
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 46083
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns.nextdns.io. IN A
;; Query time: 656 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Dec 21 19:31:35 PST 2020
;; MSG SIZE rcvd: 43
With DNSSEC disabled:
; <<>> DiG 9.14.12 <<>> 192.168.1.1 dns.nextdns.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 510
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;192.168.1.1. IN A
;; AUTHORITY SECTION:
. 1242 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020122101 1800 900 604800 86400
;; Query time: 43 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Dec 21 19:39:46 PST 2020
;; MSG SIZE rcvd: 115
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57872
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns.nextdns.io. IN A
;; ANSWER SECTION:
dns.nextdns.io. 60 IN A 162.220.221.25
dns.nextdns.io. 60 IN A 45.32.79.76
;; Query time: 43 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Dec 21 19:39:46 PST 2020
;; MSG SIZE rcvd: 75
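The comparison these two outputs make by hand, as an added example that is not part of the original post: a shell helper that reads the status for dns.nextdns.io out of dig output and classifies the resolver's behaviour. The function names and the abridged sample outputs are constructed for illustration; the live check assumes the resolver honours dig's `+cd` (checking disabled) flag.

```shell
#!/bin/sh
# Added example (not from the thread). The sample outputs are constructed,
# abridged from the dig output posted above.

# status_for NAME: read dig output on stdin, print the status of the answer
# whose question is NAME. dig prints one answer per name on its command line,
# so "dig 192.168.1.1 NAME" (no @) yields an extra NXDOMAIN answer first.
status_for() {
    awk -v q=";$1." '
        /->>HEADER<<-/ { st = $0; sub(/.*status: /, "", st); sub(/,.*/, "", st) }
        $1 == q        { print st; found = 1; exit }
        END            { if (!found) print "NOANSWER" }
    '
}

# classify NORMAL NOCHECK: NORMAL is the status of a plain query, NOCHECK the
# status with validation skipped (dig +cd, or DNSSEC unchecked in pfSense).
classify() {
    case "$1/$2" in
        NOERROR/*)        echo ok ;;
        SERVFAIL/NOERROR) echo dnssec-validation-failure ;;
        SERVFAIL/*)       echo resolver-or-upstream-failure ;;
        *)                echo "other:$1" ;;
    esac
}

# check_resolver RESOLVER NAME: live version (needs dig and network access).
check_resolver() {
    classify "$(dig "@$1" "$2" A | status_for "$2")" \
             "$(dig "@$1" "$2" A +cd | status_for "$2")"
}

sample_dnssec_on() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13674
;192.168.1.1. IN A
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 46083
;dns.nextdns.io. IN A
EOF
}
sample_dnssec_off() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 510
;192.168.1.1. IN A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57872
;dns.nextdns.io. IN A
dns.nextdns.io. 60 IN A 162.220.221.25
EOF
}
diagnose_samples() {
    classify "$(sample_dnssec_on | status_for dns.nextdns.io)" \
             "$(sample_dnssec_off | status_for dns.nextdns.io)"
}
```

On a live network, `check_resolver 192.168.1.1 dns.nextdns.io` runs the same comparison against the router.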
-
Please, I have been unable to connect to Private DNS for a week on Nokia Android 10. It always says no internet, but it was working flawlessly for 8 months. Is there any fix, or when will the issue be resolved?