UnifiOS UDM SE NextDNS CLI Unreliable #906
Comments
Just in case you ask, here's the log output:
None of this is me starting or stopping the daemon, btw.
Something seems to be sending the daemon a TERM signal. Any clue what that could be? Are you running any other custom software on the router?
I have no idea. I am not running anything else on the router.
No, it won’t. You won’t have any blocking or profile, and none of the CLI features.
That is what I figured, bummer. I am also a software dev, though not as skilled in Go. If there's anything I can do to help debug this issue I'll do it. I'm considering doing a full wipe on the UDM back to factory this weekend just to see if that helps. It hasn't been wiped in probably 5 years.
Do you see anything in the system logs around the nextdns log line saying it is receiving a TERM signal?
Not that I can tell but I do see tons of these entries all over the /var/log/daemon.log:
This is after I turned debug mode on in the config, btw.
Last weekend I completely wiped the UDM SE back to factory and re-set it up with generic settings, just enough to get everything working. I set up nextdns again and I'm seeing the same behavior. If there's no solution to this I can just swap over to the DNS Shield and forgo LAN reporting, profiles, and blocking. I mainly use the service for DoH :/
I updated my UDM SE to 3.2.12 and saw my NextDNS stop working also. No matter how I tried I couldn’t get it to come back via the command line. My ISP uses PPPoE, so I was running the UDM SE in double NAT via a DMZ. When I switched back to having the UDM SE do the PPPoE session it still didn’t work. My ISP has dual-stack IPv6 implemented, so I enabled that in the WAN settings and run the IPv6 profile as indicated on the setup page at my.nextdns for each VLAN as a DHCP handout, and it’s been a working workaround, mostly.
Same errors as @zetas. I restored to the prior config, re-installed, and it re-broke again, so I re-re-restored and didn't apply the nextdns config but instead switched to the built-in DoH and ad blocking. I'd still rather have nextdns, but something is broken. I too run dual stack. I'd be fine running DNS Shield too if I could just associate my ID.
@supernovae I think you can if you set up NextDNS with your public IP. Then it will associate requests from it with your profile.
Hi there! Just wanted to report that I am seeing the NextDNS CLI edition absolutely hammer my router's CPU to the point where the router stops responding to other traffic. My sincere apologies for not having logs, because I had to uninstall the NextDNS CLI to get back online. I am seeing the same "DoH Resolve: Context deadline exceeded" in the configuration output text box in LuCI. I had this happen several times over the last week or so. OpenWrt 23.05.2 r23630-842932a63d / LuCI openwrt-23.05 branch git-24.048.61449-c66fc92. I used the default config settings supplied with the NextDNS CLI. EDIT/UPDATE: I think this race condition occurred potentially because of an ISP issue combined with my own config. I was forcing all DNS calls on the LAN segment to hit the router interface no matter the internal origin; additionally, the IPv6 service from my ISP became unstable/non-responsive, which led to a race condition on IPv6 arpa reverse lookups. My ISP uses a 6RD tunnel for IPv6, which I am finding is not stable during high-traffic hours of the day/weekend.
Seeing the same issues re: CPU and had to uninstall NextDNS to get back online after several bumps offline. All CPU spike times coincide with drops, which my PDU restarted. I've just uninstalled the CLI and set up a crontab curl to auto-update my IP. No device names in the logs, sadly, but it's better than nothing.
If you turn on query logging, do you see anything particular in the nextdns log when this happens? |
Re CPU load, this seems to be also my issue (#925 (comment)).
I’m having the same issues. It works intermittently, but the status will occasionally drop out, several times a minute, and it lets ads through when the DNS falls back to Cloudflare.
@wmorrel anything interesting in the logs?
@rs Happy to check. What sort of log settings do I need to adjust, and where do I check the output (/var/log/daemon.log?)?
You can check the output of
Context
I've been a nextdns pro user for 1.5 years and ever since day 1 I've had issues with the CLI. I'm finally at my wits' end here. I've been on UnifiOS and a UDM Pro or UDM SE the whole time. The install will go through without issue, the UI will show as working, and everything is gravy. Except at some point in the next few days or weeks or months it will just silently stop working and my DNS will leak to the ISP. I'll mosey on over just to check the status on the UI only to find that I have not been sending traffic to nextdns for days. This is incredibly frustrating.
I am aware that installing a new version of UnifiOS will stop and/or remove nextdns. I have automatic updates turned off. I do them manually and then immediately SSH in and re-install nextdns. I have tried enabling debug mode and poring over the logs; there does not appear to be any reason for the failure.
So this brings us to now. I finally decided to set up a cron job on the UDM to run
nextdns status
and pipe the results to a backend service that will report success if the output is "running" and failure if it reports anything else. I have this set to run hourly, and since then I've had these failures. I installed this cronjob early this morning and even in the few runs that it's had, it's already failed a few times. This is consistent with my spot checking throughout my time with nextdns. Sometimes I'll run "nextdns status" manually and it'll say "not running", then I run it again and it'll say "running". This is the opposite of confidence. For a privacy product, this is a bit concerning.
Some sanity checks:
Here's a screenshot of the security settings just for confirmation:
I have no custom firewall rules, only 1 network, no vlans. It's almost entirely a vanilla setup.
Here is the nextdns config:
Is there anything I can do to enhance the reliability of this system? I love nextdns and want to keep using it but if it regularly drops and leaks requests it becomes much less useful and certainly not worth paying for :(
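The hourly `nextdns status` check described in the issue, written out as a POSIX shell script. This is an added example, not code from the NextDNS project or from anyone in this thread. It assumes only that `nextdns status` prints "running" when the daemon is up (as the issue states) and something else otherwise; the report URL, the script path and the availability of `curl`/`logger` on the router are assumptions. Because the thread reports the status flipping between "not running" and "running" on back-to-back runs, the script takes several samples and distinguishes "down" from "flapping" instead of trusting a single reading.

```shell
#!/bin/sh
# Added example: health check for the NextDNS CLI daemon, meant to run from cron.
# Not part of the NextDNS project. REPORT_URL is a placeholder (assumption);
# curl and logger are assumed to exist on the router.

REPORT_URL="${REPORT_URL:-https://monitor.example.invalid/nextdns}"  # hypothetical backend
SAMPLES=3      # number of `nextdns status` readings per run (smooths the flapping seen in the thread)
SAMPLE_GAP=5   # seconds between readings

# classify_status STATUS_TEXT
# Prints "ok" and returns 0 when the text is exactly "running" (surrounding
# whitespace ignored); prints "fail" and returns 1 for anything else, including
# "not running", empty output, or an error message from the CLI.
classify_status() {
    status=$(printf '%s' "$1" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
    if [ "$status" = "running" ]; then
        printf 'ok\n'
        return 0
    fi
    printf 'fail\n'
    return 1
}

# summarise_samples N_FAIL N_TOTAL
# Prints "up" when no reading failed, "down" when every reading failed,
# and "flapping" when only some did (the "not running, then running" case).
summarise_samples() {
    n_fail=$1
    n_total=$2
    if [ "$n_fail" -eq 0 ]; then
        printf 'up\n'
    elif [ "$n_fail" -ge "$n_total" ]; then
        printf 'down\n'
    else
        printf 'flapping\n'
    fi
}

# sample_daemon N DELAY
# Runs `nextdns status` N times, DELAY seconds apart, and prints "<fails> <N>".
sample_daemon() {
    n=$1
    delay=$2
    fails=0
    i=0
    while [ "$i" -lt "$n" ]; do
        out=$(nextdns status 2>&1) || true          # a non-zero exit is just another failed reading
        classify_status "$out" >/dev/null || fails=$((fails + 1))
        i=$((i + 1))
        if [ "$i" -lt "$n" ]; then sleep "$delay"; fi
    done
    printf '%s %s\n' "$fails" "$n"
}

# Only touch the real daemon when the CLI is installed, so the functions above
# can be sourced and exercised on a machine without nextdns.
if command -v nextdns >/dev/null 2>&1; then
    set -- $(sample_daemon "$SAMPLES" "$SAMPLE_GAP")
    verdict=$(summarise_samples "$1" "$2")
    logger -t nextdns-check "verdict=$verdict failed_samples=$1/$2"
    # Ship the verdict to the backend; a failed POST must not mask the local log line.
    curl -fsS -m 10 -X POST -d "verdict=$verdict&failed=$1&total=$2" "$REPORT_URL" >/dev/null 2>&1 || true
fi
```

Install it somewhere that survives a reboot (on UnifiOS that is typically under /data, an assumption) and add an hourly crontab line such as `0 * * * * /data/nextdns-check.sh`. A "flapping" verdict with an otherwise healthy system is the signal worth correlating with the TERM entries in /var/log/daemon.log, since it points at the daemon being restarted rather than at a resolver-side failure.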