DNS leak test showing USA cloudflare addresses instead of local NextDNS?

Hi there, I have been using the service for about a week now and have been enjoying the local fast queries and speeds. When I first got my service up and running I had 2 local dns servers powered by nextdns. Now when I am testing for dns leaks I am seeing entries for Cloudflare addresses back to USA - 172.70.37.108

Being in Aus this creates a noticeable difference, going from <10ms to ~330ms ping response times. Is this caused by a setting ticked under the performance section in the settings? Again, just seeking some clarity about what is causing this. Thanks.

Edit: I have just performed another leak test; now neither NextDNS server is showing and I am getting multiple Cloudflare addresses. I run a PiHole setup and force all traffic through it using the 2x servers provided under my https://my.nextdns.io/ page.

119 replies

    • Ruby_Balloon
    • 2 yrs ago

    Did you link your static public IP from your ISP? If not, you'll need to do that if ipv4 is your only option

    If so, do you have more than one static DNS entry setup on your router's side? If so, pihole recommends only having one entry (setup to your pihole's IP)

    https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245

    Your NextDNS ipv4 DNS servers (from your dashboard) will need to be entered as the ONLY custom ipv4 upstream DNS entries via pihole

    Or You can use Pihole as the DHCP server instead of the router

    https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026
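    Added example (not from this thread or from NextDNS/Pi-hole): once the upstreams are set as the answer above describes, repeated leak-test runs can be audited against the dashboard addresses to see which unexpected resolvers keep showing up and how often. The expected upstream addresses are constructed TEST-NET placeholders; 172.64.0.0/13 is Cloudflare's published range, and the sample runs are constructed to mirror the mixed results reported in the thread.

```python
"""Audit DNS leak-test results against the resolvers you expect to see."""
import ipaddress
from collections import Counter

# Constructed stand-ins for the two IPv4 upstreams from the NextDNS dashboard
# (TEST-NET addresses; replace with your own).
EXPECTED_UPSTREAMS = {"203.0.113.10", "203.0.113.11"}

# Prefix -> owner label. 172.64.0.0/13 is a published Cloudflare range;
# anything not listed is reported as "unknown" rather than guessed.
KNOWN_PREFIXES = {
    ipaddress.ip_network("172.64.0.0/13"): "Cloudflare",
}


def classify(ip: str) -> str:
    """Return the owner label for a resolver IP, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for net, label in KNOWN_PREFIXES.items():
        if addr in net:
            return label
    return "unknown"


def audit_runs(runs, expected=EXPECTED_UPSTREAMS):
    """runs: list of leak-test runs, each a list of resolver IPs observed.

    Returns (leaks, clean_runs): leaks maps each unexpected IP to the number
    of runs it appeared in plus an owner label; clean_runs counts runs whose
    resolvers were all in the expected set."""
    seen = Counter()
    clean = 0
    for run in runs:
        unexpected = {ip for ip in run if ip not in expected}
        if not unexpected:
            clean += 1
        seen.update(unexpected)
    leaks = {ip: {"count": n, "label": classify(ip)} for ip, n in seen.items()}
    return leaks, clean


# Constructed sample: three runs shaped like the thread's observations
SAMPLE_RUNS = [
    ["203.0.113.10", "203.0.113.11"],        # only the expected upstreams
    ["203.0.113.10", "172.70.37.108"],       # mixed: one Cloudflare address
    ["172.70.37.108", "95.179.134.211"],     # no expected upstream at all
]

if __name__ == "__main__":
    leaks, clean = audit_runs(SAMPLE_RUNS)
    print(f"{clean}/{len(SAMPLE_RUNS)} runs matched the expected upstreams")
    for ip, info in sorted(leaks.items(), key=lambda kv: -kv[1]["count"]):
        print(f"  {ip:16} seen in {info['count']} run(s)  [{info['label']}]")
```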

      • Pro subscriber ✓
      • DynamicNotSlow
      • 2 yrs ago

      Myth0ne this is the theory, but testing would give answers at which point the problem starts.

      • Myth0ne
      • 2 yrs ago

      DynamicNotSlow So with those IPs unblocked on my firewall and the Pi's turned off, I get no DNS resolution (to be expected) until I turn them back on.

      • Pro subscriber ✓
      • DynamicNotSlow
      • 2 yrs ago

      Myth0ne Okay. Now it would make sense testing without Pi's and adding NextDNS directly in your router. Start with non-encrypted version first

      • Myth0ne
      • 2 yrs ago

      DynamicNotSlow Confirmed to still have Cloudflare leaks even with the Pi's turned off and NextDNS added directly on the WAN/LAN DNS pages.

      • Pro subscriber ✓
      • DynamicNotSlow
      • 2 yrs ago

      Myth0ne then add this directly on your router as a fallback, or on your end device.

      Test with a mobile phone, but use the mobile network instead of WiFi.

      • Myth0ne
      • 2 yrs ago

      DynamicNotSlow I wish you were right; when I change the DNS on my Pi's to others (e.g. OpenDNS) I don't get these leaks. Do you just get the 2x results for an extended test on dnsleaktest.com? I just tried using the preferred method on my Android phone below and I'm still getting multiple servers in the leak test, back to USA. Seems like it may just be how NextDNS is routing things.

      1. Go to Settings → Network & internet → Advanced → Private DNS.

      2. Select the Private DNS provider hostname option.

      3. Enter xxxx.dns.nextdns.io and hit Save.

      • Pro subscriber ✓
      • DynamicNotSlow
      • 2 yrs ago

      Myth0ne yes, I only get one server:

      • Myth0ne
      • 2 yrs ago

      DynamicNotSlow Hmm, sometimes I get 2 results from dns.nextdns.io.
      Other times I get the screenshot in the original post I submitted. More often than not, however, it is those pesky Cloudflare addresses. It's a shame because I can't manually set that IP address either (e.g. in your case setting 95.179.134.211).

      • Myth0ne
      • 2 yrs ago

      NextDNS so we've confirmed this seems to happen even using the given IP directly on the router. Is it just where I'm located that I seem to get these other Cloudflare servers popping up when I test?

      • NextDNs
      • 2 yrs ago

      Myth0ne it has to be something with your setup; the location does not matter. What router do you have? If you install the NextDNS app on your device, does it still happen?

      • Myth0ne
      • 2 yrs ago

      NextDNS yes, I've confirmed I get it using Private DNS on an Android device over LTE. I've got an Asus RT-AC68U running Merlin 386.2_6; more info on the setup was in an earlier comment here - https://help.nextdns.io/t/q6hkgrc?r=35hk552

      • NextDNs
      • 2 yrs ago

      Myth0ne please run a https://nextdns.io/diag without nextdns configured on your network.

      • Myth0ne
      • 2 yrs ago

      NextDNS Sure, will report back in a moment. I'll use OpenDNS as my resolver instead for the purposes of testing.

      • Myth0ne
      • 2 yrs ago

      NextDNS Do I need to test with NextDNS configured on the network with the diag tool?

      • Myth0ne
      • 2 yrs ago

      NextDNS Any update on this? It seems I don't get these leak issues when using DNS over HTTPS with Quad9, for example.

    • Myth0ne
    • 2 yrs ago

    Seems to be happening regardless of browser used; confirmed to have the same results across MS Edge, Chrome & Firefox. As some other threads show, they have a Google backbone; mine seem to be Cloudflare. Something funky going on.

    • Myth0ne
    • 2 yrs ago

    So sometimes the leak test works 'as expected' and shows my primary and fallback as NextDNS. Other times I'll get both NextDNS and Cloudflare addresses, and sometimes just Cloudflare as mentioned in the original post. Seems to be completely random every time I run a test.

      • Myth0ne
      • 2 yrs ago

      Myles Pearlstein Cool, glad to know I am not the only one. I thought something funky had been going on.

      • Myth0ne
      • 2 yrs ago

      Myles Pearlstein So, interesting findings. I actually switched over earlier to using a similar service from Cloudflare for Teams. Using their 2x given IPv4 addresses I only get the 1 listed DNS server.

      Is it possible to get any more investigation into this? @NextDNS ?

      • Myth0ne
      • 2 yrs ago

      Myles Pearlstein Very unfortunate indeed. I ran the test they asked for and haven't heard a word for a while now. I've since moved to a DoH implementation and seem to have reduced it to only 1 server outside my location on very rare occasions.

      Perhaps you or someone else could chime in: do I lose all of my settings (under the performance heading) in the NextDNS config settings menu to speed up browsing if you surpass the 300k queries? Or is it just the white/blacklisting?

      Because agreed, if I were to pay for the product I'd much prefer to look at an alternative that doesn't return these weird results without any good reasonable explanation.

    • losnad
    • 2 yrs ago

    I think that this service is used by hundreds of thousands of people and the few that have problems with it are thinking that the service is broken, it doesn't work. Isn't it funny?
    Maybe some are expecting NextDNS to come to their house and fix it for them.

    They are offering instructions, apps, tools, recommendations... If you want to go your way, you should own it, you should know what you are doing.

      • Myth0ne
      • 2 yrs ago

      losnad What does this comment achieve? You've already made your point several times on this post and have offered zero benefit lol. I've been working with NextDNS and running their diagnostic tool to look into it further. I don't expect them to come and fix it; just seeing a few people with similar queries, I was hoping to find the root cause, or whether perhaps this is all intended by design.

      • losnad
      • 2 yrs ago

      By design it is like this on all my browsers and devices. Just different servers, but only from NextDNS. I just tested on Firefox, Brave, Opera and even on my TV browser.

      • Myth0ne
      • 2 yrs ago

      losnad Too easy. Do you know what happens to the EDNS and CNAME flattening etc. if queries surpass 300k on a free plan? Are all those disabled as well as blocklists and whitelists?
