4

DNS leak test showing USA cloudflare addresses instead of local NextDNS?

Hi there, I have been using the service for about a week now and have been enjoying the local fast queries and speeds. When I first got my service up and running I had 2 local dns servers powered by nextdns. Now when I am testing for dns leaks I am seeing entries for Cloudflare addresses back to USA - 172.70.37.108

Being in Aus this creates a noticable difference going from <10ms to ~330ms ping response times. Is this a cause of a setting ticked under the performance section in the settings? Again just seeking some clarity about what is causing this. Thanks.

Edit: I have just performed another leak test, no neither NextDNS servers are showing and am getting multiple Cloudflare addresses. I run a PiHole setup and force all traffic through it using the 2x servers provided under my https://my.nextdns.io/ page.

119 replies

null
    • Myth0ne
    • 4 yrs ago
    • Reported - view

    Is it also worth my while just when I do enough of the testing to point directly to the local servers it picks up? Or do those IP's constantly change with regards to nextdns servers? (They differ to what is shown for the 2x ip's shown in my account dashboard) if that makes sense. Thanks!

    • NextDNs
    • 4 yrs ago
    • Reported - view

    What do you get for https://test.nextdns.io?

      • Myth0ne
      • 4 yrs ago
      • Reported - view

      NextDNS 
        

      {
"status": "ok",
"protocol": "UDP",
"configuration": "fp0254db39e3be6df7",
"client": "my static ipv4 address here",
"destIP": "45.90.30.58",
"anycast": true,
"server": "vultr-syd-1",
"clientName": "unknown"
}

Which is weird because when I run 'leak' tests I seem to get a bunch of USA IP's as well for cloudflare which I've found in the past gives me crap cdn routing and takes ages to resolve pages sometimes. Please see below, my question is should I hard code those 2x highlighted addresses instead of using the provided 2x addresses that are linked to my ip in my nextdns account page. Or do those IP's often change around?
    • losnad
    • 4 yrs ago
    • Reported - view

    Did you read this:

    https://help.nextdns.io/t/m1hmv0k/which-setup-type-to-use

    https://help.nextdns.io/t/g9hmvan/what-is-linked-ip

    • losnad
    • 4 yrs ago
    • Reported - view

    If you configured only the v4 DNS and you didn't configured or disabled v6 you will have leaks.

    If possible use DoH or DoT as explained in the links I gave you but probably didn't bother reading.

    If you can install the CLI, if not other app/client or some script that can be configured with DoH or DoT. Or disable V6.

    https://github.com/nextdns/nextdns/wiki

    *You can try the servers direct ip's, see if they work... I say they won't and I think you should stick with the ones from your profile.

    • Myth0ne
    • 4 yrs ago
    • Reported - view
    losnad said:
    If you configured only the v4 DNS and you didn't configured or disabled v6 you will have leaks.
    If possible use DoH or DoT as explained in the links I gave you but probably didn't bother reading.

     I did read the article. I can only use v4 or v6 links. I've disabled v6 on my router and pihole config

    When I sign into my dashboard I even get the following - 

    'IPv6

    Your network does not support IPv6'

    • Myth0ne
    • 4 yrs ago
    • Reported - view

    Bumping for visibility. Is this normal behaviour? When I run these tests I sometimes get only overseas dns server results.. Seems to be really inconsistent and confusing. For instance if I use cloudflare 1.1.1.1 & 1.0.0.1 I only get the two results when I run leak tests.

    • losnad
    • 4 yrs ago
    • Reported - view

    It's normal to not know, no one was born a master.

    To don't listen, to not read to learn, this is not normal.

    If you have leaks in DNS where NextDNS and other DNS providers appear on the same time it's probably a problem with v6 which is not configured or can't be configured.

    If NextDNS does not appear at all, it is most likely because you did not configured DDNS and your IP is dynamic. I mean is not rocket science. Your IP change, you no longer use NextDNS.

    Set the default NextDNS 45.90.28.0  and 45.90.30.0 and it will act just like any other public DNS like Cloudflare or Google. But you will lose all your settings from the account. If you use the IP from your account you need to either have a fixed IP or update it when is changing, manually or to set up a DDNS.

    It is all explained in your account, here on Knowledge Base. But it is easier to just complain when is clearly nothing wrong with the service but just human error.

    Now, just ignore, again, what I explained and keep having the same problem.

    • Myth0ne
    • 4 yrs ago
    • Reported - view
    losnad said:
    If you have leaks in DNS where NextDNS and other DNS providers appear on the same time it's probably a problem with v6 which is not configured or can't be configured.
    If NextDNS does not appear at all, it is most likely because you did not configured DDNS and your IP is dynamic. I mean is not rocket science. Your IP change, you no longer use NextDNS.

     I am trying to help us out here to say I am not reading or listening helps nobody and comes off as stubborn.

    It isn't just me as I can see it appearing on other threads here as well.

    To reiterate some of the suggestions you have made. I have IPv6 straight up disabled from my router. I don't have it set up at all and only utilise ipv4. In regards to a dynamic IP that is also incorrect as I have a static ip given to me by my ISP. 

    So rather than telling me I am not listening and ignoring what is said, if we as fellow people in the tech field where does it now take us with the next troubleshooting steps moving forward now you know this information which might I add I already mentioned in the thread previously?

    • losnad
    • 4 yrs ago
    • Reported - view

    A quick thing and I'm done, one thing is for sure, NextDNS does not redirect you or the others who have problems to Cloudflare or any other DNS providers. 

    In this situation, there is nothing wrong with NextDNS service.  If you don't know or want to learn how to use it, ask someone to check your setup.

      • Myth0ne
      • 4 yrs ago
      • Reported - view

      losnad 

      I'd love to learn how to use it. I was considering paying for its very fast local cdn service that I enjoy perhaps I can give the bog standard 45.90.28.0 & 45.90.30.0 services as I utilise all the dns blocking locally from my piholes. 

      Just been seeing a few posts pop up surrounding and getting conflicting information like here - https://www.reddit.com/r/nextdns/comments/odnpia/dns_leak_question/?context=3 where they mention that after 300k queries dns results are rerouted to Google. Then I also saw this one yesterday as well - https://help.nextdns.io/t/83hkphc/connecting-to-a-bunch-of-google-dns-servers?r=h7hk5mt#h7hk5mt

      • NextDNs
      • 4 yrs ago
      • Reported - view

      Myth0ne DNS queries are never "redirected" to any other service. After 300k queries, filtering and logging is disabled, that's all.

      • Myth0ne
      • 4 yrs ago
      • Reported - view

      NextDNS 

      Thank you for clarifying! 
      So for your paid service is it just the logging and blocking functionalities for infinite queries that are enabled? As I have PiHole blocking I was using cloudflare but my ISP gets crap routing using them as they are not a ECS dns provider. So I have been enjoying using the fast local NextDNS servers!

    • losnad
    • 4 yrs ago
    • Reported - view

    Yeah, instead of reading Knowledge Base https://help.nextdns.io/category/knowledge-base

    you read on reddit.

    https://help.nextdns.io/t/p8hmvaw/what-happens-after-300k-queries

    • Ruby_Balloon
    • 4 yrs ago
    • Reported - view

    Did you link your static public IP from your ISP? If not, you'll need to do that if ipv4 is your only option

    If so, do you have more than one static DNS entry setup on your router's side? If so, pihole recommends only having one entry (setup to your pihole's IP)

    https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245

    Your NextDNS ipv4 DNS servers (from your dashboard) will need to be entered as the ONLY custom ipv4 upstream DNS entries via pihole

    Or You can use Pihole as the DHCP server instead of the router

    https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026

      • Myth0ne
      • 4 yrs ago
      • Reported - view

      Greg B. 

      Hi there Greg, Yes I have linked my public static IP from my ISP. I only have my pihole IP as DNS in my router settings and force all request through it. Running AsusWRT in DNSFilter mode so if it detects any devices trying to reach google dns etc outside my specified pihole dns in my router config it redirects it as a request through my router (if that makes sense.)

       

      I have both ipv4 addresses provided by NextDNS in my custom ipv4 upstream dns entries in pihole. That is all, no other servers are used. One thing I did read in that earlier reddit thread is possibly having enabled 'Anonymized EDNS Client Subnet'

      • NextDNs
      • 4 yrs ago
      • Reported - view

      Myth0ne ECS is unrelated to this. If dns leak sees non nextdns servers it has nothing to do with nextdns settings but with whatever you have as dns between your testing client and nextdns.

      • Myth0ne
      • 4 yrs ago
      • Reported - view

      NextDNS 

      So you can see the screenshot. I've got it locked down as hard as can be imo. Most times when I run an extended test I get those leaks, sometimes I get nothing which is weird. I am not sure what else could be causing it. I.e. if I change to both OpenDNS (208.67.222.222 · 208.67.220.220) I don't get those leaks perse and just see those 2x servers and nothing else. Sometimes I see a huge string of Google LLC / Cloudflare servers as pictured 

      • Pro subscriber ✓
      • DynamicNotSlow
      • 4 yrs ago
      • Reported - view

      Myth0ne sounds like your device use Google or Cloudflare as fallback and you got problems with NextDNS so fallback is used.

      You need to post your complete setup or nobody can help with more then magic.

      • Myth0ne
      • 4 yrs ago
      • Reported - view

      DynamicNotSlow 

      Ok so I'll try and be as concise as possible.

      PiHole's x2 I have one on ethernet, one on wifi at the other end at the house running in a master/slave config in high availbility with keepalived. I run a virtual ip dns (192.168.1.20) Both Piholes are configured to use custom ipv4 DNS which is listed above my linked IP in my NextDNS dashboard page. Setup for the HA pihole is found here - https://www.reddit.com/r/pihole/comments/czlynq/tutorial_how_to_run_2_pihole_servers_in_ha_high/

      Running Asus Merlin software on RTAC68u router. My router is my dhcp server. Both WAN & LAN DNS is set to my virtual ip (192.168.1.20) meaning when master pihole dies or loses connection slave pihole kicks in and handles queries. This is due to having DNSFilter enabled with the mode set to the router with both piholes given a no filter exception. Essentially meaning that if a device were to try and reach outside dns the it will hit the router and be forced back through the pihole. More on that here but is very common on the snbforums - https://www.snbforums.com/threads/way-to-block-devices-from-reaching-out-to-google-dns-on-ac68u.73426/#post-698075

       

      I don't seem to have the issue as previously mentioned when I use OpenDNS or Quad9 etc other DNS systems. In fact I went to great measures and even added a URL and IP filter to block out common dns and doh filters on my piholes as well.

       

      https://raw.githubusercontent.com/Sekhan/TheGreatWall/master/TheGreatWall.txt
      https://raw.githubusercontent.com/oneoffdallas/dohservers/master/iplist.txt

      Hope that makes sense without being too confusing or technical. If you need clarification on anything let me know!

      • Pro subscriber ✓
      • DynamicNotSlow
      • 4 yrs ago
      • Reported - view

      Myth0ne and what's your settings for your devices?

      • Myth0ne
      • 4 yrs ago
      • Reported - view

      DynamicNotSlow Sorry I thought that was self explanatory. Everything is set to DHCP so router servers out the IP and DNS which points back to the PiHole using the 2 ipv4 adddresses provided in the nextdns dashboard

      • Pro subscriber ✓
      • DynamicNotSlow
      • 4 yrs ago
      • Reported - view

      Myth0ne what happens if you shutdown your Pi‘s?

      did you still get cloudflare?

      • NextDNs
      • 4 yrs ago
      • Reported - view

      Myth0ne pi-hole uses dnsmasq which by default will read /etc/resolv.conf in addition to define servers as upstream. I would recommend trying our CLI instead of pi-hole just to confirm it is not a pi-hole issue.

      • Myth0ne
      • 4 yrs ago
      • Reported - view

      DynamicNotSlow I wouldn't get any result as they act as my lan dns servers. I may have resolved the issue by just flat out blocking those IP's in my router firewall as a preventative measure.

Login to reply

Content aside

  • 4 Likes
  • 4 yrs agoLast active
  • 119Replies
  • 7007Views
  • 17 Following