Spotify didn't accept DNS over TLS Traffic from Cloudflare DNS Servers


Device

(any Devices)

Operating System

(iOS 16.4.1, Android, Windows 10, etc.)

My Question or Issue

Spotify didn't accept DNS over TLS Traffic from Cloudflare DNS Servers. Date 2023/04/23

Before 2023/04/23 everything was fine and worked.
I didn't make changes to my internal network.

Network Configuration

Public DNS Resolver at Fritz Box 7590 are Public DNS - set Cloudflare DNS 1.1.1.1/1.0.0.1 

DNS over TLS (DoT)
Enabled - Encrypted name resolution on the Internet (DNS over TLS)
Enabled - Enforce certificate verification for encrypted name resolution on the Internet: Only allow servers that pass full validation. The setting should only be disabled if the identity of the server is known.
Enabled - Allow fallback to unencrypted name resolution on the Internet: If all encrypted servers fail, allow a fallback to unencrypted DNS traffic.


DNS Server Resolution names
1dot1dot1dot1.cloudflare-dns.com
one.one.one.one

This problem only occurred on April 23, 2023. Before that it always worked for several years.

To fix the problem I had to use a different DNS provider such as Google DNS 8.8.8.8 and turn off DNS over TLS.

But I would like to use the Cloudflare DNS servers and above all encrypted DNS connections with DNS over TLS under all circumstances.

3 Replies

I'm facing the same problem. I have the FRITZ!Box 7430 box but other than that I have the exact same configuration down to the order of the DNS server resolution names.

However, I'm afraid this is rather a topic for the CloudFlare community forum. I ran nslookup and got "Query refused". A friend of mine tried the exact same and got the actual resolved name back. This seems to be the same situation when compared to this: https://community.cloudflare.com/t/nslookup-returns-query-refused-for-all-microsoft-com-lookups/4395...

Quote from the nslookup docs:

This one has two possible causes. Either your name server does not support inverse queries (older nslookups only) or an access list is preventing the lookup.

https://docstore.mik.ua/orelly/networking_2ndEd/dns/ch12_07.htm#INDEX-2052

I'm also not convinced that this is due to DoT. I'll check back tomorrow.

Someone already created a post in CloudFlare's Community forum, they also got "Query refused" in dig, see here (currently no responses): https://community.cloudflare.com/t/1-1-1-1-does-not-resolve-spotify-com/500964

This has now been fixed.
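To tell a resolver-side refusal apart from a DoT transport or certificate failure, the check below sends one query over DNS over TLS with full certificate verification and reads the response code. It is an added example, not part of the thread or of any vendor's code; the function names and the `example.com` sample reply are constructed for illustration.

```python
import socket, ssl, struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234, qtype=1):
    """Build a DNS query message (RD set, one question, class IN)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def frame_dot(msg):
    """DoT (RFC 7858) sends each message with a 2-byte length prefix."""
    return struct.pack("!H", len(msg)) + msg

def parse_reply(framed, expect_qid):
    """Return (rcode_name, answer_count) from a length-prefixed reply."""
    (length,) = struct.unpack("!H", framed[:2])
    msg = framed[2:2 + length]
    if len(msg) != length or length < 12:
        raise ValueError("truncated DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if qid != expect_qid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}"), an

def recv_exact(sock, n):
    """Read exactly n bytes or fail if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf

def query_dot(server_ip, tls_name, hostname, timeout=5):
    """Send one A query over DoT; a TLS or certificate error raises here."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((server_ip, 853), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=tls_name) as tls:
            tls.sendall(frame_dot(build_query(hostname)))
            head = recv_exact(tls, 2)
            body = recv_exact(tls, struct.unpack("!H", head)[0])
    return parse_reply(head + body, 0x1234)

# Constructed sample: a REFUSED reply (QR=1, RD=1, RA=1, RCODE=5), no answers.
SAMPLE_REFUSED = frame_dot(struct.pack("!HHHHHH", 0x1234, 0x8185, 1, 0, 0, 0)
                           + build_query("example.com")[12:])
```

A call such as `query_dot("1.1.1.1", "one.one.one.one", "example.com")` that returns `("REFUSED", 0)` means the TLS session and certificate check succeeded and the resolver itself declined the query, so disabling DoT would not be the relevant fix.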
