AdGuard Windows 11 – Bootstrap DNS forces Dubai instead of Sofia

Home_user1
updated yesterday
10replies

Hello,

I am using the AdGuard client on Windows 11. In AdGuard, you can configure Bootstrap DNS separately from the main DoH3 server.

When I set Bootstrap DNS (for example Gcore in Bulgaria) and then configure NextDNS with DoH3 (h3://45.90.30.0/dns-query), the bootstrap resolution of dns.nextdns.io always returns IPs in Dubai (95.174.68.136, 37.252.245.241).

This creates a serious latency problem:

Ping to Dubai is ~192–330 ms.
Ping to Sofia is only ~36–37 ms.

If I hard‑code the Sofia IPs (45.90.28.0, 45.90.30.0) directly in AdGuard, everything works fine and latency is excellent. The issue only appears when bootstrap is used with dns.nextdns.io — then Anycast directs me to Dubai instead of Sofia.

Could you please investigate why bootstrap resolution in my region (Baku, Azerbaijan) prefers Dubai, and whether routing can be adjusted so that dns.nextdns.io resolves to the Bulgarian nodes for users here?

“From the user perspective this breaks functionality, because bootstrap DNS forces Dubai instead of Sofia, even though Sofia is much closer.”

: “Technically this may be a routing issue (BGP decision), but from the user perspective it behaves like a bug, because bootstrap DNS always sends traffic to Dubai instead of Sofia.”

Thank you.

ping 95.174.68.136

Pinging 95.174.68.136 with 32 bytes of data:
Reply from 95.174.68.136: bytes=32 time=192ms TTL=48
Reply from 95.174.68.136: bytes=32 time=192ms TTL=48
Reply from 95.174.68.136: bytes=32 time=192ms TTL=48
Reply from 95.174.68.136: bytes=32 time=193ms TTL=48

Ping statistics for 95.174.68.136:
Packets: Sent = 4, Received = 4, Lost = 0
(0% loss)
Approximate round trip times in milliseconds:
Minimum = 192ms, Maximum = 193ms, Average = 192ms

ping 37.252.245.241

Pinging 37.252.245.241 with 32 bytes of data:
Reply from 37.252.245.241: bytes=32 time=333ms TTL=49
Reply from 37.252.245.241: bytes=32 time=323ms TTL=49
Reply from 37.252.245.241: bytes=32 time=306ms TTL=49
Reply from 37.252.245.241: bytes=32 time=332ms TTL=49

Ping statistics for 37.252.245.241:
Packets: Sent = 4, Received = 4, Lost = 0
(0% loss)
Approximate round trip times in milliseconds:
Minimum = 306ms, Maximum = 333ms, Average = 323ms

& "C:\Users\adale\scoop\apps\bind\current\bin\dig.exe" dns.nextdns.io "@95.85.95.85"

; <<>> DiG 9.16.50 <<>> dns.nextdns.io @95.85.95.85
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24799
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;dns.nextdns.io. IN A

;; ANSWER SECTION:
dns.nextdns.io. 243 IN CNAME steering.nextdns.io.
steering.nextdns.io. 60 IN A 95.174.68.136
steering.nextdns.io. 60 IN A 37.252.245.241

;; Query time: 36 msec
;; SERVER: 95.85.95.85#53(95.85.95.85)
;; WHEN: Sat Mar 14 00:25:56 ;; MSG SIZE rcvd: 98

- NextDNs
- yesterday
- Reported - view
Please provide a https://nextdns.io/diag
- Home_user1
  
  yesterday
  
  Reported - view
  “NextDNS diagnostic tool confirms that bootstrap DNS resolves dns.nextdns.io to Dubai nodes (~190ms), while direct anycast IPs in Sofia give ~36ms latency. This mismatch breaks functionality for users in Azerbaijan.” ?
  
  Welcome to NextDNS network diagnostic tool.
  
  This tool will capture latency and routing information regarding
  the connectivity of your network with NextDNS.
  
  The source code of this tool is available at https://github.com/nextdns/diag
  
  Do you want to continue? (press enter to accept)
  
  Testing IPv6 connectivity
  available: false
  Fetching https://test.nextdns.io
  Fetch error: Get "https://test.nextdns.io": dial tcp 37.252.247.133:443: connectex: An attempt was made to access a so cket in a way forbidden by its access permissions.
  Fetching PoP name for ultra low latency primary IPv4 (ipv4.dns1.nextdns.io)
  Fetch error: Get "https://dns.nextdns.io/info": dial tcp 95.174.68.136:443: connectex: An attempt was made to access a s ocket in a way forbidden by its access permissions.
  Fetching PoP name for ultra low latency secondary IPv4 (ipv4.dns2.nextdns.io)
  Fetch error: Get "https://dns.nextdns.io/info": dial tcp 37.252.245.241:443: connectex: An attempt was made to access a socket in a way forbidden by its access permissions.
  Fetching PoP name for anycast primary IPv4 (45.90.28.0)
  Fetch error: Get "https://dns.nextdns.io/info": dial tcp 45.90.28.0:443: connectex: An attempt was made to access a sock et in a way forbidden by its access permissions.
  Fetching PoP name for anycast secondary IPv4 (45.90.30.0)
  Fetch error: Get "https://dns.nextdns.io/info": dial tcp 45.90.30.0:443: connectex: An attempt was made to access a sock et in a way forbidden by its access permissions.
  Pinging PoPs
  error: Get "https://router.nextdns.io/?limit=10&stack=dual": dial tcp 192.178.24.51:443: connectex: An attempt was mad e to access a socket in a way forbidden by its access permissions.
  Traceroute for ultra low latency primary IPv4 (95.174.68.136)
  1 192.168.100.1 50ms 1ms 2ms
  2 10.221.235.254 4ms 3ms 3ms
  3 10.8.29.98 4ms 8ms 4ms
  4 10.8.32.129 5ms 4ms 4ms
  5 10.8.32.115 5ms 5ms 7ms
  6 10.8.52.7 5ms 5ms 5ms
  7 109.235.192.141 6ms 6ms 5ms
  8 10.240.164.38 6ms 6ms 5ms
  9 * * *
  10 5.154.154.126 186ms 187ms 185ms
  11 102.217.165.134 190ms 189ms 189ms
  12 95.174.68.136 187ms 188ms 187ms
  Traceroute for ultra low latency secondary IPv4 (37.252.245.241)
  1 192.168.100.1 1ms 1ms 1ms
  2 10.221.235.254 3ms 3ms 3ms
  3 10.8.29.98 5ms 4ms 4ms
  4 10.8.32.129 3ms 4ms 4ms
  5 10.8.32.115 4ms 4ms 4ms
  6 10.8.52.7 5ms 5ms 5ms
  7 109.235.192.141 10ms 6ms 7ms
  8 10.240.3.34 8ms 6ms 8ms
  9 184.104.192.93 69ms 70ms 68ms
  10 184.105.80.36 81ms 79ms 78ms
  11 * * *
  12 184.105.80.14 * 81ms *
  13 216.66.85.170 85ms 85ms 87ms
  14 134.0.217.210 192ms * 193ms
  15 213.202.6.193 200ms * *
  16 213.202.2.1 198ms 201ms 198ms
  17 37.252.245.241 189ms 189ms 193ms
  Traceroute for anycast primary IPv4 (45.90.28.0)
  1 192.168.100.1 1ms 1ms 1ms
  2 10.221.235.254 4ms 3ms 4ms
  3 10.8.29.98 5ms 4ms 4ms
  4 10.8.32.129 4ms 4ms 4ms
  5 10.8.32.115 4ms 4ms 3ms
  6 10.8.52.7 6ms 5ms 6ms
  7 109.235.192.141 7ms 6ms 5ms
  8 10.240.164.38 7ms 6ms 6ms
  9 * * *
  10 80.249.212.38 79ms 79ms 79ms
  11 * * *
  12 * * *
  13 192.248.130.47 79ms 78ms 78ms
  14 45.90.28.0 79ms 78ms 77ms
  Traceroute for anycast secondary IPv4 (45.90.30.0)
  1 192.168.100.1 4ms 1ms 1ms
  2 10.221.235.254 5ms 4ms 3ms
  3 10.8.29.98 4ms 4ms 4ms
  4 10.8.32.129 4ms 4ms 4ms
  5 10.8.32.115 7ms 4ms 4ms
  6 10.8.52.7 6ms 6ms 5ms
  7 109.235.192.141 8ms 6ms 5ms
  8 10.240.164.38 6ms 8ms 5ms
  9 185.1.226.169 38ms 37ms 36ms
  10 45.90.30.0 36ms 36ms 37ms
- Home_user1
  
  18 hrs ago
  
  Reported - view
  Hello. my previously comment with DxDiag results:
  
  Home_user1 5 hrs ago pending review
- NextDNs
  
  17 hrs ago
  
  Reported - view
  please make sure it id execute as root/admin and submit the result then paste the URL here
- Home_user1
  
  15 hrs ago
  
  Reported - view
  https://nextdns.io/diag/21508f80-1fb7-11f1-87cd-3727dab7286b
- Home_user1
  
  15 hrs ago
  
  Reported - view
  Done. link added,
  
  Home_user1 now pending review
- NextDNs
  
  9 hrs ago
  
  Reported - view
  you DNS resolution seems broken. Can you please run the diag again with nextdns disabled?
- Home_user1
  
  8 hrs ago
  
  Reported - view
  yes, please
- Home_user1
  
  8 hrs ago
  
  Reported - view
  please, https://nextdns.io/diag/7c2f01a0-1ff5-11f1-b311-6d5761a410ff
- Home_user1
  
  8 hrs ago
  
  Reported - view
  Done. I'm send. Home_user1 now .pending review

Content aside

5 hrs agoLast active
10Replies
34Views
2 Following

AdGuard Windows 11 – Bootstrap DNS forces Dubai instead of Sofia

10 replies

Content aside

Home

Tags