0

PR_IO_TIMEOUT_ERROR only on my.nextdns.io

I am having problems with "my.nextdns.io"  and this site as well, 'help.nextdns.io", on firefox, as it tells me that I have a "PR_IO_TIMEOUT_ERROR" .

I cannot access "my.nextdns.io" for weeks now, even though I have increased timeout values with sysctl a bit but nothing changes.

The site "nextdns.io",  gives me no problems and it is really fast.

I have configure DoH for opera, firefox and chromium and it is a bit slower than usual, I believe that on opera the speed is slower because I have been using their vpn free offer. (the vpn is actually a secure proxy, https proxy) .

What is going on?

8 replies

null
    • Carlos
    • 2 yrs ago
    • Reported - view

    Ok, but could you at least point me out to a reason why?

    • Carlos
    • 2 yrs ago
    • Reported - view

    All browsers I use are confined in a light container, configured to NOT have access to gpu/files/configs/other and all interaction with my host computer is supervised/logged/monitored , I have a consistent and strong firewall and I keep checking for improvements and errors.

    On chromium, nextdns does not work so well... I have delays and pages don't load on a first try, but on a second try everything works well.

    I use a hardned version of firefox, no fake handshakes on tls, tls 3/4 only, no minor tls  versions and so on ... 0RTT ...

    • Carlos
    • 2 yrs ago
    • Reported - view

    I only receive unicast and no anycast of any kind. It goes the same for broadcast/multicast and others ...

    Also, test.nextdns.io gives me this: 

    {
"status": "ok",
"protocol": "DOH",
"profile": "fdpxxxxxxxxxxxx",
"client": "179.219.xxx.xxx",
"srcIP": "179.219.xxx.xxx",
"destIP": "37.252.238.25",
"anycast": false,
"server": "anexia-sao-1",
"clientName": "unknown-doh",
"deviceName": "frfx-xxxxx",
"deviceID": "5F7xxx"
}
    • Carlos
    • 2 yrs ago
    • Reported - view

    I think I found what the problem is, my ip is blacklist because I only use ipv4 and no ipv6 whatsoever, and I get bad ips from my ISP from time to time. You probably use ip blacklisting on my.nextdns.com.

    • Pro subscriber ✓
    • DynamicNotSlow
    • 2 yrs ago
    • Reported - view
    Carlos said:
    I use a hardned version of firefox

     Doesn’t make sense. You can’t secure broken security with just some settings. 
    read https://madaidans-insecurities.github.io/firefox-chromium.html

      • Carlos
      • 2 yrs ago
      • Reported - view

      DynamicNotSlow  Well, all software has weaknesses. Even Linux, Unixes and windows, but my hardening process involves way more than firefox itself. It involves tcp stack hardening (removes a ton of weaknesses), isolation of processes trough containers (removes another ton of weaknesses) and the list goes on ... I use firewalls for applications, network  stack ... Some dns entries are hardcoded and the list goes on ...

      • Pro subscriber ✓
      • DynamicNotSlow
      • 2 yrs ago
      • Reported - view

      Carlos did you read my link? Sure all software have weaknesses but it doesn’t make sense to start with the weakest and think that some settings will result in better result than other products which isn’t the case. 
      hardening need to be done on upstream. User settings are only end in problems, uniqueness in terms of fingerprint and so on

Login to reply

Content aside

  • 2 yrs agoLast active
  • 8Replies
  • 260Views
  • 1 Following