Encrypted DNS Analytics not inline with Logs

Adam OK, you will have to look at analytics and logs. Then filter by unidentified as those will probably be unencrypted.

You might be able to find out what device is creating the unencrypted requests from the domains.

Private Person Check each device individually, make sure they aren’t leaking DNS requests to somewhere else. 

Try https://www.dnsleaktest.com or other similar tester.

R P M I tested with the leak test, and it showed my ISP. Thanks.👍

So I changed my Router (TP-:LINK via cable) to explicitly use Next DNS, and now the leak test, looks better. I still get some going to an AUS dns. Previously all were my ISP's DNS.

But some sites still dont get logged in my NextDNS logs. I am guessing, that for some reason, theyt are the oines thatr go to the aus DNS. I havent rebooted my PC, but I did flush my DNS cache.

And although not going to solve the issue, is there a reason it just changed?

Private Person Difficult to know what could have changed this. The usual culprits are system updates and/or program/app updates. 

R P M I played with this yesterday, and had some interesting test results and findings .

Where to start... so just as it occurs to me, not a logical order and some things cross over ie I made changes, left the change then made a different change, so some may cross over. I was getting frustrated

1. When I browse the web and/or run adblock tests, I am still getting similar results to what I got before the drop happened.

2. One of the 'suspicious' things is that previously all web sites allowed & blocked were showing in the live logs Which was REALLY handy to add an allow. But since the dip, it appears some web sites are no longer being resolved by NextDNS, as they weren't in the logs anymore. HOWEVER, when I go to Analytics , its in the top 6 resolved DNS's, So it appears, at least for that host, its the live logs are borked.  It did appear in the logs before (it was blocked so I used the UI to allow). By the way, even the resolution of YouTube does not appear in the logs anymore

3. I thought it may be 'falling back' to the ISP's DNS, so I changed the Router's(Broadband, Modem/Router) fall back DNS to be explicitly the NextDNS DNS IP'sl it was previously unset so I assume the ISP default config. That, from memory, may o helped. Sometimes I actually ONLY got NextDNS in the leak test. But still, sometimes others. It was not consistent. PS: I did a Flush-DNS after EVERY change.

4. I have a 3rd party Firewall (PeerBlock) I was using before NextDNS. With a HUGE blocklist. >2.9M. Since switching to NextDNS, I left the firewall on, but I set it to allow ALL https. I thought, maybe it was blocking the DNS requests... "sometimes"... When I disabled the Firewall completely, I got perfect leak test results (ie no leak!). But this morning after a reboot. Its back to failing/leaks. So HTTP only allow is back on. I will ensure the DNS requests port is also allowed.

So it seems the logs are the worst, and maybe the count are based on the logs, and not the actual true resolutions/blocks, hence the visible drop in the graph. While ads still seem to be locked.

I downloaded the logs, opened in Excel, and filtered by the Host I dont see. and I get the attached. There are a few logs after the 28 jan, but before, there are many more. But what also struck me, is the protocol had changed from all UDP to DNS Over HTTPS. I am NOT a network guy by any means so ill need to read up on this change. FYIL Youtube appears in the downloaded logs for recent dates.

Is everyone else seeing YouTube host name resolution in their love logs?

But, it appears to work in blocking, so I will stay using it, with the assumption the logs are borked. I;ll just a]ensure the DNS's are being allowed through my Firewall (PeerBlock on allow HTTP  and standard Windows 11), If anything, I now have a lower reading of resolution per mnth, so wont be pushed into a paid account🙂

Private Person UDP would indicate that the DNS request was using just the NextDNS IP addresses (i.e. unencrypted).

You must have changed how you were connected to NextDNS for DNS over HTTPS to suddenly appear. This usually means that you used a url string to input into something (ex. https://dns.nextdns.io/123abc/), using the app or configuration profile.