0

Mikrotik: DoH server connection error: Idle timeout - connecting

Hi, @nextdns

 

I'm frequently seeing "DoH server connection error: Idle timeout - connecting" errors on my RB5009 Mikrotik's 7.1x log.
 

I tried setting, both TCP and DoH, max server connections to 10 or 20, and max concurrent queries to 500 or 1000, but still got the same errors. DoH timeout is 5 s (5.000 ms).

 

Apparently I can't reach out dns2.nextdns.io (45.90.30.0)

 

I have no timeouts if I switch to Cloudflare DoH or Google DoH.

 

https://ping.nextdns.io/

■ edgeuno-cwb                7 ms  (anycast1)
  edgeuno-cwb (IPv6)         7 ms  (anycast1)
  vultr-sao                 14 ms
  anexia-sao                15 ms  (ultralow2)
  zepto-sao (IPv6)          15 ms
  anexia-rio                20 ms
  anexia-rio (IPv6)         24 ms
  zepto-sao                 25 ms
  vultr-sao (IPv6)          27 ms  (anycast2)
  anexia-sao (IPv6)         29 ms  (ultralow2)
  edgeuno-sao (IPv6)        36 ms
  edgeuno-bsb               39 ms
  edgeuno-sao               41 ms
  edgeuno-rio (IPv6)        42 ms
  edgeuno-poa               43 ms  (ultralow1)
  edgeuno-bsb (IPv6)        44 ms
  edgeuno-poa (IPv6)        51 ms  (ultralow1)
  edgeuno-rio               52 ms
  edgeuno-ssa               58 ms
  edgeuno-ssa (IPv6)        95 ms
  anycast.dns2.nextdns.io   error  (anycast2)

 

 

https://nextdns.io/diag/919b9bd0-dccf-11ef-91bb-efb077657c82

Secondary: err: Get "https://dns.nextdns.io/info": dial tcp 45.90.30.0:443: connect: connection timed out (0 ms)
1****
2187-55-98-1.user3p.v-tal.net.br (187.55.98.1)1 ms2 ms1 msAS8167 V tal
3100.120.36.31 ms3 ms2 ms
4100.120.20.3923 ms14 ms13 ms
5****
...
20****

 

 

Thanks in advance,

Rodrigo

4 replies

null
    • rsn86
    • 3 wk ago
    • Reported - view

    Hi @NextDNS / @nextdns_network ,

    I've contacted my ISP and they fixed the IPv4 routing to anycast.dns2.nextdns.io but now the anycast is redirecting to higher latency servers then it should (AMS instead of SAO or RIO and BSB).

    Can you please adjust it?

    https://nextdns.io/diag/eaa76a10-df2c-11ef-b1b6-8d88e2ece88a

    https://ping.nextdns.io/

    ■ edgeuno-cwb          14 ms  (anycast1)
  anexia-sao           16 ms
  zepto-sao            16 ms
  vultr-sao            18 ms  (ultralow2)
  edgeuno-cwb (IPv6)   18 ms  (anycast1)
  anexia-rio (IPv6)    21 ms
  zepto-sao (IPv6)     21 ms
  anexia-sao (IPv6)    24 ms
  anexia-rio           25 ms
  vultr-sao (IPv6)     27 ms  (ultralow2)
  edgeuno-sao          39 ms
  edgeuno-bsb (IPv6)   39 ms
  edgeuno-bsb          41 ms
  edgeuno-sao (IPv6)   43 ms
  edgeuno-rio (IPv6)   46 ms
  edgeuno-rio          46 ms
  edgeuno-poa          50 ms  (ultralow1)
  edgeuno-poa (IPv6)   53 ms  (ultralow1)
  edgeuno-ssa          64 ms
  edgeuno-ssa (IPv6)  109 ms
  vultr-ams           206 ms  (anycast2)
  vultr-ams (IPv6)    235 ms  (anycast2)

    Thanks,
    Rodrigo

    • rsn86
    • 2 wk ago
    • Reported - view

    Using DoH I'm able to force it to use anycast1 with single digit latency.

    I had to restrict it only to anycast1 because anycast2 is across the ocean,

    with a 20x higher latency.

     

    But I can't enforce my profile on a fixed server over TLS or QUIC (natively on android).

    Automatically, ultralow isn't picking the closest server.

     

      edgeuno-cwb           9 ms  (anycast1)
  edgeuno-cwb (IPv6)   15 ms  (anycast1)
  zepto-sao (IPv6)     16 ms
  vultr-sao            16 ms  (ultralow1)
  zepto-sao            18 ms
  edgeuno-rio          42 ms
  anexia-sao (IPv6)    43 ms
  edgeuno-sao          59 ms  (ultralow2)
  anexia-rio           61 ms
■ vultr-sao (IPv6)     64 ms  (ultralow1)
  edgeuno-sao (IPv6)   66 ms  (ultralow2)
  edgeuno-poa          68 ms
  anexia-sao           68 ms
  edgeuno-rio (IPv6)   73 ms
  edgeuno-ssa          73 ms
  anexia-rio (IPv6)    78 ms
  edgeuno-bsb (IPv6)   79 ms
  edgeuno-bsb         104 ms
  edgeuno-poa (IPv6)  137 ms
  edgeuno-ssa (IPv6)  195 ms
  vultr-ams (IPv6)    268 ms  (anycast2)
  vultr-ams           271 ms  (anycast2)

     

    Please, take a look on both issues (anycast2 and ultralow). 

     

    Thanks, 

    Rodrigo

    • Ross.1
    • 6 days ago
    • Reported - view

    Hi Rodrigo

    If you write in the static DNS address 45.90.30.0 and 45.90.28.0 as well as IPv6, you force the router Mikrotik itself to go to this IP to receive responses from DNS servers even if it is not optimal in speed or proximity, look for the IP address that you get the best in the tests and enter it in the router settings.

      • rsn86
      • 5 days ago
      • Reported - view

      Hi  , thanks for your answer.

      I already did that, only the IPs (v4 and v6) of anycast1 (edgeuno-cwb) are set on static entries.
      But this is just an workaround, because there is no fallback in case edgeuno-cwb is unreachable.

      With mobile devices, that sometimes are outside my home network, I can force it setting the DoH URL to https://anycast.dns1.nextdns.io/<profileID>/<deviceName> or even more specifically
      https://ipv4-edgeuno-cwb-1.edge.nextdns.io/<profileID>/<deviceName>/dns-query
      Because anycast.* points to different servers on different network carriers. I got it from: https://router.nextdns.io/

      But Android uses DoT/DoQ natively for which I wasn't able to both, pick a specific server and enforce my profile, so I choose enforcing my profile and keep the regular URL.
      With DoT/DoQ I never get the best servers, even when using home's wifi.
      To use DoH on android I had to install a third part app that works like an VPN and thus conflicts with any other VPN I need to use.

      Another issue is the total lack of support from NextDNS to its customers.

      Kind regards,
      Rodrigo

Login to reply

Content aside

  • 4 days agoLast active
  • 4Replies
  • 212Views
  • 2 Following