Next DNS Connectivity Issues

Olivier Poitrey

The Next DNS Windows Client is trying to connect to the vultr  server and it says the domain is not trusted and I am seeing unknown host messages from Cloudflare as well.

Endpoint failed: dns1.nextdns.io: x509: certificate signed by unknown authority

Endpoint failed: dns2.nextdns.io: x509: certificate signed by unknown authority

Endpoint failed: d1xovudkxbl47e.cloudfront.net: context deadline exceeded

8replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • ditto on x509: certificate signed by unknown authority error.

    using YogaDNS on win7pro64,

    ~12hours ago, was functioning as expected

    (except subtle Chrome-only issue of complaints about some non-secure sites that in fact were connecting https [e.g. https://Duckduckgo.com]; uncertain if related)

    this a.m. YogaDNS versions 1.16 and now latest 1.19, both complain of x509 when using linked NextDNS;


    the fact I am here now, using Quad9 in YogaDNS suggests something is amiss within NextDNS(?)

    Also, also: previously added (months ago) to (user/local)Trusted Root certificate store the NextDNS certificate, which previously DID resolve the x509 issue.

    • Ceyarrecks W. (CAH) please make sure your trust store is up to date. 

      Check the windows certificate automatic updater is enabled.

    • NextDNS sooo,... this certificate updater answers why Quad9 works, yet NextDNS does not?

    • Ceyarrecks W. (CAH) because of this: https://twitter.com/NextDNS/status/1399363914043990020

      Like 1
    • Like
    • NextDNS ah. right. subtle switch on NextDNS-side. makes sense in at least my case of pinned cert. Remind me again how one obtains NextDNS' new cert to replace the previous certificate?

    • Ceyarrecks W. (CAH) through assistance of YogaDNS Staff, here is how to:

      1. NOT involve MicroFlaccid

      2. Manually install LetsEncrypt's certificate locally, which resolves at least the use of NextDNS+YogaDNS:

      to add(Install) LetsEncrypt Certificate:

       from: https://crt.sh/?id=3958242236

       scroll down on left-hand side of screen find: "Download Certificate: PEM" ...
       click PEM link, one will be presented with "Opening 3958242236.crt" dialog box ...
       click Save File button to save locally,...
        (i chose to rename to)LetsEncrypt ISRG Root X1(3958242236).crt
       then select locally saved certificate...
       right-click Install...
       the Certificate Import Wizard appears...
       press [Next>] Button...
       press radio button for "Place all certificates in following store"
       then press button [Browse...]
       select "Trusted Root Certificate Authorities"
       press [OK] button
       press [Next>] Button...
       press [Finish] Button

      Lastly, re-add NextDNS' Configuration ID ##### into YogaDNS, Next, Finish;

      [06.03 09:30:08] DNS Server Checker: Server NextDNS (NextDNS): OK, rtt=921 ms
      [06.03 09:30:08] DNS Server Checker: Server NextDNS (NextDNS): OK, rtt=88 ms

      installation succeeded, secure browsing restored using NextDNS & YogaDNS.

      Like 1
  • Similar here... the whole family went up on me.

    The move, whatever it was from NextDNS was not smooth and transparent and that is not cool.

    Like 1
Like2 Follow
  • 1 yr agoLast active
  • 8Replies
  • 356Views
  • 4 Following