
Please can someone advise if the NextDNS resolver is down????

DNS stopped resolving on my network at pretty much midnight here in the UK.

It is now 2:34am and I have been pulling my hair out trying to troubleshoot it.

I have had to reconfigure my entire setup to use Cloudflare DoT, which works.

I have had NextDNS up and running for a number of months with the same config. All running fine until tonight. I've been really happy with it but this has been a huge inconvenience.

I tried even setting my router to use the unencrypted DNS addresses for NextDNS and even that would not work.

Please can anyone advise on the status of the service?

Thanks,

FS

10 replies

    • Francis_Baker
    • 2 yrs ago
    • fsociety3765
    • 2 yrs ago

    Not sure what that service checks. Is that just looking at the UDP service?

    My network uses a mixture of the DoT and DoH services. On DoT, in the logs, I was just getting SERVFAIL responses to the requests. On DoH, I was getting endpoint failure.

    I did attempt to set my router to use the standard UDP addresses as a test, it didn't work but I might not have given it much of a chance. I was in a panic to get DNS back up.

    It would be really helpful if there was a service status on the account page somewhere.

    How do I make contact with NextDNS? Coming up against this issue has made me realize that there don't seem to be any official contact channels? No email, no phone number, no contact us anywhere.

    • fsociety3765
    • 2 yrs ago

    If I wanted to test the DoH endpoint from an HTTP client, how do I make the query?

    I have been trying

    GET https://dns.nextdns.io/${config-id}?dns=google.com
    
    GET https://dns.nextdns.io/${config-id}/dns-query?dns=google.com
    

    I have also tried each as a POST.

    I just get a 400 Bad request response.

      • NextDNs
      • 2 yrs ago

      fsociety3765 the JSON API would be:

      https://dns.nextdns.io/${config-id}/dns-query?name=google.com

      The dns parameter is for the "actual" DoH API which is expecting a binary DNS request, not just a domain as a string (you would also need a specific Content-Type).
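
The binary form described in the reply above, as an added example that is not part of the original thread and is not NextDNS code: it builds the wire-format query that RFC 8484 expects in the `dns` parameter and reads the RCODE from a reply, which separates a resolver-side SERVFAIL from a transport failure. The config ID `abc123` is a placeholder, the base URL form is the one tried in the thread, and the SERVFAIL reply bytes are constructed.

```python
import base64
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, msg_id=0):
    """Encode a single-question DNS query in wire format (RFC 1035).
    RFC 8484 recommends ID 0 so HTTP caches can reuse responses."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label: {label!r}")
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"  # root label terminates the name
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS=IN

def doh_get_url(base_url, query):
    """RFC 8484 GET form: base64url of the wire message, padding removed.
    Send it with 'Accept: application/dns-message'. The POST form sends the
    raw bytes as the body with 'Content-Type: application/dns-message'."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{base_url}?dns={b64}"

def response_status(message):
    """Return (RCODE name, answer count) from a wire-format response header."""
    if len(message) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit not set: not a response")
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}"), ancount

if __name__ == "__main__":
    q = build_query("google.com")
    # Placeholder config ID; substitute your own.
    print(doh_get_url("https://dns.nextdns.io/abc123", q))
    # Constructed SERVFAIL reply: QR=1 RD=1 RA=1 RCODE=2, question echoed back
    servfail = struct.pack("!HHHHHH", 0, 0x8182, 1, 0, 0, 0) + q[12:]
    print(response_status(servfail))
```

An HTTP 200 whose body decodes to SERVFAIL means the resolver was reached and answered; a connection error or non-200 status points at the path to the endpoint instead.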

      • fsociety3765
      • 2 yrs ago

      NextDNS this works...
       

      GET https://dns.nextdns.io/${config-id}/resolve?name=google.com
      
      {
          "Status": 0,
          "TC": false,
          "RD": true,
          "RA": true,
          "AD": false,
          "CD": false,
          "Question": [
              {
                  "name": "google.com.",
                  "type": 1
              }
          ],
          "Answer": [
              {
                  "name": "google.com.",
                  "type": 1,
                  "TTL": 40,
                  "data": "142.250.187.238"
              }
          ],
          "Additional": [
              {
                  "name": ".",
                  "type": 41,
                  "TTL": 0,
                  "data": "\n;; OPT PSEUDOSECTION:\n; EDNS: version 0; flags: ; udp: 1232"
              }
          ]
      }
      
      • fsociety3765
      • 2 yrs ago

      NextDNS are you able to shed any light on the outage I experienced last night? I was just getting SERVFAIL on DoT and endpoint failure on DoH.

      • NextDNs
      • 2 yrs ago

      fsociety3765 we have no trace of an outage in your region.

      • fsociety3765
      • 2 yrs ago

      NextDNS OK.

      Are you able to advise on what may have happened? Is there anything I can check to troubleshoot?

      My router is a Unifi UDM-PRO, which I run the NextDNS command-line app on. I believe this uses DoH. However, this is really a fallback option. I have two dedicated DNS servers running my internal domain. These upstream to two Pi-Hole servers, the Pi-Hole servers each upstream to Unbound and then Unbound is configured on each to use DoT with NextDNS for anything outgoing.

      DNS on UDP 53 is only allowed to a select few internal servers on the network. All other DNS traffic on UDP 53 is dropped.

      This setup has worked flawlessly for a fair few months until the issues I had last night.

      If I ran `nextdns log` on the UDM, I was getting a lot of "endpoint failure", referencing the NextDNS DoH endpoint. And in the Unbound logs on the other two DNS servers that use DoT I was seeing constant "SERVFAIL" responses.

      I obviously tried rebooting/restarting things but nothing seemed to solve the issue.

      • NextDNs
      • 2 yrs ago

      fsociety3765 your setup is very complex. Hard to know which part failed. You could simplify it a lot by just installing our CLI on your UDM pro. It has fallback integrated.

    • fsociety3765
    • 2 yrs ago

    I have just changed everything back to how it was using NextDNS and everything is now working fine.

    Meh
