Not sure if this is the right place.
The last few days I've been experiencing a few issues resolving DNS on my home network. Strangely, rebooting the router seemed to fix it for a time. After running into the issue again I decided to investigate further. I'm using a Mikrotik router with my PC wired in with ethernet cable. The router is using DoH to Quad9 (https://dns.quad9.net/dns-query as per their documentation). I've also imported root certificates for validation.
As of right now, my desktop cannot resolve dns against 9.9.9.9, however it can resolve dns against 1.1.1.1 and 8.8.8.8.
$ dig @9.9.9.9 reddit.com
;; communications error to 9.9.9.9#53: timed out
Interestingly also cannot curl the DoH URL (also a timeout). I thought maybe Quad9 is having issues so I jumped over to my EC2 instance, and I can dig/curl just fine.
I also turned on debug logging on the router, and the logs indicate the same issue my desktop is having (timeout errors, sometimes an SSL handshake error).
My question to you all is, have I missed something in my testing/setup, or is Comcast blocking Quad9?
Additional info:
The Mikrotik is on the latest firmware (6.49.10). I can switch to Cloudflare DoH on the router and it works fine. I can remove the DoH setting entirely and it works. I've got 8.8.8.8 as a static DNS server and the 2 Comcast DNS servers are dynamic (75.75.75.75 and 75.75.76.76). NTP is set up and the router has the correct date/time/timezone.
As of this writing rebooting the router is no longer temporarily fixing the problem.
Edit:
Thanks u/[email protected] !
Per their post the status page shows issues in my area: https://uptime.quad9.net/
Having similar issues with Quad9. I even had an odd issue today where I could ping 9.9.9.9 just fine, but dig @9.9.9.9 would time out. That suggested to me that it's an issue with their DNS server specifically, and not the network. I didn't get around to trying from another host, but I think it's less likely to have to do with Comcast specifically as you simply connecting to a different anycast server.
The issues are only intermittent for me, they'll come and go. Right now I can resolve against 9.9.9.9 just fine, but who knows how long that'll last until issues crop up again. I had to switch DoH providers temporarily, hopefully everything will be resolved soon.
Edit: Quad9 has posted an update
That seems to be the problem! My traceroute was showing my traffic emerging from Seattle so that makes sense why it was down. Thank you!
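The comparison used in this thread (the same query sent to 9.9.9.9, 1.1.1.1 and 8.8.8.8 over UDP port 53) can be scripted; the following is an added example, not code from any poster. The function names and the wording of the verdicts are assumptions, and the verdict is a heuristic rather than proof of where the fault lies.

```python
import secrets
import socket
import struct

RESOLVERS = ["9.9.9.9", "1.1.1.1", "8.8.8.8"]  # the three resolvers tested in the thread

def build_query(name, qid):
    """Encode a minimal DNS A/IN query (RFC 1035) with recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_status(data, qid):
    """Check the 12-byte header of a reply: matching ID, QR bit set, RCODE 0."""
    if len(data) < 12:
        return "error:short"
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != qid or not flags & 0x8000:
        return "error:mismatch"
    rcode = flags & 0x000F
    return "ok" if rcode == 0 else f"error:rcode={rcode}"

def probe(server, name="reddit.com", timeout=3.0):
    """Send one query over UDP/53; return 'ok', 'timeout' or 'error:<detail>'."""
    qid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qid), (server, 53))
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "timeout"
        except OSError as exc:
            return f"error:{exc}"
    return parse_status(data, qid)

def classify(results):
    """results maps resolver IP -> status. Heuristic verdict (an assumption)."""
    failed = sorted(s for s, r in results.items() if r != "ok")
    if not failed:
        return "all resolvers answer"
    if len(failed) == len(results):
        return "no resolver answers: check the local network or port 53 filtering"
    return "only " + ", ".join(failed) + " failing: resolver or path specific, check its status page"

if __name__ == "__main__":
    results = {s: probe(s) for s in RESOLVERS}
    for server, status in results.items():
        print(f"{server:10} {status}")
    print(classify(results))
```

Running it from a second network, as the original poster did from EC2, shows whether the failure follows the resolver or the vantage point.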