DNSCrypt and ddnsec Chrome complains DNS_PROBE_FINISHED_NXDOMAIN, but can do a nslookup

adigandhi · April 16, 2017, 3:35am

Hi,

I am trying to access some domain, xyz.com lets say. Chrome complains DNS_PROBE_FINISHED_NXDOMAIN
On the router running LEDE, I have dnscrypt and dnssec configured correctly. I think for the most part, I am using dnscrypt.nl, which claims no censorship.

When I do a nslookup on the xyz.com domain, I get the ip address. When I go to the ip address in chrome
https://xxx.xxx.xxx.xx , I get a certificate warning and complaints site might not have a valid certificate.

But when I switch dns to google's dns I don't see this issue. I mean I didn't check what IP address I get there, I will try to check that.

In chrome, I cleaned up dns cache, and disabled advanced dns lookup and prediction to be sure.
Any help /suggestions appreciated.

Attached configs below:

/etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option dnssec '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
#	option resolvfile '/tmp/resolv.conf.auto'
	option noresolv	1
	option localservice '1'
	option nonwildcard '0'
	list server '127.0.0.1#5354'
	list server '/pool.ntp.org/208.67.222.222'


config dhcp 'lan'
	option interface 'lan'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'
	option start '100'
	option limit '50'
	option leasetime '12h'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'

/etc/config/dnscrypt-proxy

config dnscrypt-proxy ns1
	option address '127.0.0.1'
	option port '5354'
	option resolver 'dnscrypt.nl-ns0'
	option resolvers_list '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'
	option ephemeral_keys '1'

stangri · April 16, 2017, 4:31am

I'd get in touch with the owners of dnscrypt.nl to confirm there's no problem on their end.

r43k3n · May 10, 2017, 11:11pm

I also get those errors from time to time.
It's usually works to just refresh the website a few seconds later.

tomsrapper · October 23, 2018, 6:52pm

The reason for DNS_PROBE_FINISHED_NXDOMAIN is typically due to a misconfiguration or problem with your DNS. DNS is short for Domain Name System, which helps direct traffic on the internet by connecting domain names with actual web servers. Essentially, it takes a human-friendly request and translates it into a computer-friendly server IP address – like 216.3.128.12.

When a user enters a URL in their web browser, DNS gets to work to connect that URL to the IP address of the actual server. This is called DNS name resolution and involves a DNS recursor querying various nameservers to figure out the actual IP address of a server. If DNS fails to resolve the domain name or address then you might receive the DNS_PROBE_FINISHED_NXDOMAIN error

There are simple steps that can lead to solving these problems. It is likely that you would not require any expert help because you can perform many of these techniques by yourself. The following are some of the steps you can adopt for solving the error DNS_PROBE_FINISHED_NXDOMAIN:

Alter the DNS IP address
Flushing the DNS
Restarting the DNS Client