Nest Protect cannot connect with DoT enabled - RT-AX88U 384.18

I got it installed, rebooted twice already and it still connects fine. The problem is not consistent though, sometimes after a reboot it will connect fine and sometimes it won't until I turn off DoT, so I'll have to keep rebooting to see if the issue happens again.
 
I got it installed, rebooted twice already and it still connects fine. The problem is not consistent though, sometimes after a reboot it will connect fine and sometimes it won't until I turn off DoT, so I'll have to keep rebooting to see if the issue happens again.
Well at least we're off to a good start :)
 
I would really be interested to know what @RMerlin thinks about all this. While it's great we have a workaround, the getdns patch is the correct behavior according to spec. I feel like there has to be a better option.
 
I would really be interested to know what @RMerlin thinks about all this. While it's great we have a workaround, the getdns patch is the correct behavior according to spec. I feel like there has to be a better option.

I don't think anything at all, as I haven't looked at it.

I would have a look at the latest getdns and dnsmasq git code to see if there's any fix upstream.
 
I don't think it's a bug, so I don't expect any upstream "fixes". I was thinking along the lines of config options... but I don't even know what to suggest. I mean, the IoT devices are bad DNS clients that don't follow spec. The only thing that could help and not be an ugly hack would be some kind of response compression on the stubby side, or an option to strip dnssec keys if you know you're not going to use them. Something to legitimately reduce the response size, even though it's just kicking the can down the road.
 
Or you accept the backout as the 'hack' (it was without this change up to Feb of this year). Or you can try contacting each of the IoT mfg and convince them to fix their clients. It wouldn't be the first time a router had to do something to accommodate 'bad' clients. My feeling is that what you are suggesting is worse.

And....I'm not convinced yet that there isn't something else going on. It shows up for me in OpenVPN trying to resolve its server names. I don't think of OpenVPN as a bad client.
 
Just to update, SmartThings has been reconnecting fine every time I've rebooted it or the router with the test firmware and DoT enabled. I'll keep playing with it to see if I can get it to fail but so far, the results look promising.
 
Really interesting discussion here, even if I don't use Nest or SmartThings, I do have an Arlo system. I went through a similar trouble period last fall (2019) with DoT and one of the Arlo firmware updates that broke DNS resolution for the Arlo system for a short period: the temporary workaround was to exclude the Arlo from the DoT setup (DNS Filter exclusion), until they released a subsequent firmware that fixed it. Nice to see a bit more background on what was the likely root cause.
 
I tried that actually. Removed from my account, full factory reset. It fails when trying to add back. Best guess is the device can't communicate at the last stage when associating with the account (P009 0.80 error).

I guessed at the root problem really. Tried it with my laptop as a hotspot and ran Wireshark. I saw a DNS resolution failure to a nest domain from the device, and it resulted in the same error.

Started playing with the router DNS config, and it worked after I disabled DoT. I was able to add back the device and all my others came back online.

Thanks for the tip. After I disabled DoT, I was able to reconnect my Nest Connect again.
 
Just to update, SmartThings has been reconnecting fine every time I've rebooted it or the router with the test firmware and DoT enabled. I'll keep playing with it to see if I can get it to fail but so far, the results look promising.

Man, I have such short memory ... I participated in this thread, but forgot about it when I recently got a SmartThings device and noticed some minor upstream connection issues. I'm going to flash @john9527 custom 384.18 firmware and ensure my new SmartThings device can connect without issues.

Does anyone have any update on whether this custom fix will get pushed up to RMerlin mainline?
 
@CriticJay I don't think you have a john9527 supported router to flash to?
 
RT-AC66U-B1
Merlin 384.18
I see my two Nest Protect devices have not connected in 29 days - which I think is when I did a factory reset and installed 384.18. My router is set to use CloudFlare with DoT. Today I reprogrammed the Guest WiFi connection of both Nest Protects through the iOS app, which was reported as successful, however both are still "offline" after thirty minutes. I'm now trying to connect both Nest Protect devices using DNSFilter to custom setting 8.8.8.8 (e.g.: Google DNS).

UPDATE: ~6 hours after the above changes, with the iOS Nest app continuing to report both devices "offline", I heard the Nest Protects run a sound check, and since then the iOS Nest app says both are connected to WiFi.

UPDATE 2: I confirmed this by testing again: using CloudFlare DoT, DNSFilter Custom setting to 8.8.8.8 for Nest Protect devices gets them connected (tested by disabling this DNSFilter setting and saw next day that both Nest Protect devices disconnected; then enabling this DNSFilter setting and they reconnected).
 
That's an unrelated issue. I think what's going on here has been well identified at this point. The question is how to deal with it.

I've posted on the issue in getdns's project, but no solution has yet been proposed.

 
@john9527 @RMerlin

I don't know how much further testing is needed, but I have used John's custom AC86U build of 384.18 for the last 14-15 hours without any issue. Both Samsung SmartThings and Google Nest IoT are continuing to function normally.
 
The getdns dev replied in the issue. He has suggested he's going to add name compression and a config option to disable truncation.
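
The two changes mentioned above (name compression and truncation) can be seen on the wire with a small sketch. This is an added example, not code from getdns, stubby or any poster in this thread; the hostname, record count and addresses are constructed, and the 512-byte limit for clients that send no EDNS0 OPT record comes from RFC 1035 rather than from the thread.

```python
import struct

UDP_MAX = 512    # RFC 1035 UDP payload limit for a client that sends no EDNS0 OPT record
TC_BIT = 0x0200  # "truncated" flag in the header: client is expected to retry over TCP
NAME = "frontdoor.iot-cloud.example"  # constructed hostname, not taken from the thread

def encode_name(name, pointer_to=None):
    """Wire-encode a name, or emit a 2-byte compression pointer to an earlier offset."""
    if pointer_to is not None:
        return struct.pack("!H", 0xC000 | pointer_to)
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_query(name, edns_size=None):
    """A/IN query; edns_size appends an OPT record advertising that UDP payload size."""
    msg = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    msg += encode_name(name) + struct.pack("!2H", 1, 1)
    if edns_size:
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def build_response(name, n_answers, compress):
    """Response with n_answers A records that all share the question's owner name."""
    msg = struct.pack("!6H", 0x1234, 0x8180, 1, n_answers, 0, 0)
    msg += encode_name(name) + struct.pack("!2H", 1, 1)
    for i in range(n_answers):
        owner = encode_name(name, pointer_to=12 if compress else None)  # 12 = question name
        msg += owner + struct.pack("!2HIH", 1, 1, 60, 4) + bytes([192, 0, 2, i + 1])
    return msg

def question_end(msg):
    """Offset just past the (single, uncompressed) question section."""
    pos = 12
    while msg[pos]:
        pos += msg[pos] + 1
    return pos + 5  # root label + QTYPE + QCLASS

def client_udp_limit(query):
    """512 unless the query carries an OPT (type 41) record right after the question."""
    pos = question_end(query)
    if struct.unpack("!H", query[10:12])[0] and query[pos:pos + 1] == b"\x00":
        rtype, size = struct.unpack("!2H", query[pos + 1:pos + 5])
        if rtype == 41:
            return max(size, UDP_MAX)
    return UDP_MAX

def fit_to_client(query, response):
    """UDP reply of a spec-following forwarder: the response if it fits the client's
    limit, otherwise (here) header + question only with TC set."""
    if len(response) <= client_udp_limit(query):
        return response
    ident, flags = struct.unpack("!2H", response[:4])
    return struct.pack("!6H", ident, flags | TC_BIT, 1, 0, 0, 0) + response[12:question_end(response)]
```

With twelve answers the uncompressed response is 561 bytes and the compressed one 237, so only the former comes back truncated to a client that sent no OPT record; a client that ignores the TC bit and never retries over TCP sees that as a failed lookup.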
 
@john9527 @RMerlin

I don't know how much further testing is needed, but I have used John's custom AC86U build of 384.18 for the last 14-15 hours without any issue. Both Samsung SmartThings and Google Nest IoT are continuing to function normally.
That's good to know. My Nest Connect keeps disconnecting when DoT is enabled. I have to disable it and re-add it during this time. Once it's back online, I enable DoT again but it will drop out eventually and will show offline again.
 