2

Next DNS Connectivity Issues

Olivier Poitrey

The Next DNS Windows Client is trying to connect to the vultr  server and it says the domain is not trusted and I am seeing unknown host messages from Cloudflare as well.

Endpoint failed: dns1.nextdns.io: x509: certificate signed by unknown authority

Endpoint failed: dns2.nextdns.io: x509: certificate signed by unknown authority

Endpoint failed: d1xovudkxbl47e.cloudfront.net: context deadline exceeded

8 replies

null
    • Christopher_H
    • 2 yrs ago
    • Reported - view

    ditto on x509: certificate signed by unknown authority error.

    using YogaDNS on win7pro64,

    ~12hours ago, was functioning as expected

    (except subtle Chrome-only issue of complaints about some non-secure sites that in fact were connecting https [e.g. https://Duckduckgo.com]; uncertain if related)

    this a.m. YogaDNS versions 1.16 and now latest 1.19, both complain of x509 when using linked NextDNS;

    HOWEVER,

    the fact I am here now, using Quad9 in YogaDNS suggests something is amiss within NextDNS(?)

    Also, also: previously added (months ago) to (user/local)Trusted Root certificate store the NextDNS certificate, which previously DID resolve the x509 issue.

      • NextDNs
      • 2 yrs ago
      • Reported - view

      Ceyarrecks W. (CAH) please make sure your trust store is up to date. 

      Check the windows certificate automatic updater is enabled.

      • Christopher_H
      • 2 yrs ago
      • Reported - view

      NextDNS sooo,... this certificate updater answers why Quad9 works, yet NextDNS does not?

      • NextDNs
      • 2 yrs ago
      • Reported - view

      Ceyarrecks W. (CAH) because of this: https://twitter.com/NextDNS/status/1399363914043990020

      • NextDNs
      • 2 yrs ago
      • Reported - view
      • Christopher_H
      • 2 yrs ago
      • Reported - view

      NextDNS ah. right. subtle switch on NextDNS-side. makes sense in at least my case of pinned cert. Remind me again how one obtains NextDNS' new cert to replace the previous certificate?

      • Christopher_H
      • 2 yrs ago
      • Reported - view

      Ceyarrecks W. (CAH) through assistance of YogaDNS Staff, here is how to:

      1. NOT involve MicroFlaccid

      2. Manually install LetsEncrypt's certificate locally, which resolves at least the use of NextDNS+YogaDNS:


      to add(Install) LetsEncrypt Certificate:

       from: https://crt.sh/?id=3958242236


       scroll down on left-hand side of screen find: "Download Certificate: PEM" ...
       click PEM link, one will be presented with "Opening 3958242236.crt" dialog box ...
       click Save File button to save locally,...
        (i chose to rename to)LetsEncrypt ISRG Root X1(3958242236).crt
       then select locally saved certificate...
       right-click Install...
       the Certificate Import Wizard appears...
       press [Next>] Button...
       press radio button for "Place all certificates in following store"
       then press button [Browse...]
       select "Trusted Root Certificate Authorities"
       press [OK] button
       press [Next>] Button...
       press [Finish] Button

      Lastly, re-add NextDNS' Configuration ID ##### into YogaDNS, Next, Finish;
      Done.

      [06.03 09:30:08] DNS Server Checker: Server NextDNS (NextDNS): OK, rtt=921 ms
      [06.03 09:30:08] DNS Server Checker: Server NextDNS (NextDNS): OK, rtt=88 ms

      installation succeeded, secure browsing restored using NextDNS & YogaDNS.

    • crssi
    • 2 yrs ago
    • Reported - view

    Similar here... the whole family went up on me.

    The move, whatever it was from NextDNS was not smooth and transparent and that is not cool.

Content aside

  • 2 Likes
  • 2 yrs agoLast active
  • 8Replies
  • 475Views
  • 4 Following