TLS Connection Failures - Stubby
I’m seeing connection failures between Stubby and NextDNS that I haven’t seen before, causing lookup timeouts and excessive connections to the service. Plain DNS works very well. Cloudflare and other DoT providers work well on Stubby, which leads me to think it’s a NextDNS issue. I cannot get the diagnostic tool to successfully look up nextdns.io while using Stubby but can run when not connected.
Looking for any insight or assistance.
Version: Stubby 0.4.0 on FreshTomato
daemon.info stubby: 18.104.22.168 : Upstream : TLS - Resps= 26, Timeouts = 10, Best_auth =Success - with occasional SERVFAIL from dnsmasq
- address_data: 22.214.171.124
tls_auth_name: "xxxxxx.dns1.nextdns.io" etc
Will message diag privately on request.
For the sake of testing, I spun up Stubby on a Debian instance with the config above and can’t resolve lookups:
$ nslookup eff.org 127.0.0.1
** server can't find eff.org: SERVFAIL
With Cloudflare dropped into the config, I can resolve addresses. Any ideas?
I use AsusWRT-Merlin with NextDNS and DoT. I believe it uses Stubby under the hood. For the past week or so, I've had terrible Internet on all my devices. I was able to pin it down to DNS today. Lots of slow DNS replies or total failures.
Switching to Cloudflare fixes the issue.
This may be anecdotal, but perhaps there is some wider issue here.
Here is someone else with the same issue on AsusWRT-Merlin: https://www.snbforums.com/threads/dns-over-tls-and-chroot-nextdns-dot-issue.74466
It's annoying because it was working for months and now all of a sudden it is an issue. :(
I have just begun (in the last 3 or 4 days) experiencing the same thing with Stubby after it was running fine for months and no changes to my config. [I am surprised by seeing IPv6 addresses, traceroutes and pings seemingly working. I have never had IPv6 before and not sure what to make of it -- ISP has not announced it. Not sure when that started.]
I have basically the same config as dan.
I have sent a diag.
[EDIT] Oops. diag didn't go.