Personnal DoT - my own local domain in DNS connectivity check

lexa

Hello,

I'm quite new in DoT, DoH but familiar with DNS in general.
I setup my personal DoT, mostly to get a proper filtering (AdBlock) without root on phone.
I've only one Graphene OS on my setup for now, Pixel8a. After setup DoT (Nginx + pihole + unbound) I configured the phone to use it and it works well. This setup is not the main DNS resolver of my local domain. It can't resolve internal/LAN hosts.
After some time, got random messages about loss of connectivity, which is untrue, connectivity is functional.
I quickly read Graphene doco about those checks, understood about the DNS check, and I can see them in logs.
However I also found some like this one below.

<rdm_string>-dnsotls-ds.dnscheck.grapheneos.org.MY.DOMAIN.COM (not in caps, just to highlight)

Phone is connected on Wifi, part of 'MY.DOMAIN.COM'. But the dot is accessible, and used from public internet.

Someone could explain me why this DNS request contain my local domain ? Maybe something is wrong in my setup...

Any idea about those message of loss of connectivity ? When it happens, I can see those DNS request in logs. With 'other' graphene dns request .

<rdm_string>-dnsotls-ds.dnscheck.grapheneos.org

FYI I'm quite far from Graphene's DNS servers, and un-cached requests can take up to 800ms

Cheers,

GrapheneOS

lexa Something is wrong with your setup.

<rdm_string>-dnsotls-ds.dnscheck.grapheneos.org.MY.DOMAIN.COM (not in caps, just to highlight)

Something seems wrong with your DNS setup. We use the standard Android code for this, not something GrapheneOS specific. We just change the domain based on the connectivity check setting.

FYI I'm quite far from Graphene's DNS servers, and un-cached requests can take up to 800ms

There are 2 sets of DNS servers:

ns1.grapheneos.org is in Quebec, Canada
ns2.grapheneos.org has 3 locations: Las Vegas, New York and Luxembourg with anycast for IPv4

Some DNS resolvers detect and stick with the faster server, others don't and will always randomize it.

FYI I'm quite far from Graphene's DNS servers, and un-cached requests can take up to 800ms

Multiple queries can be required including querying the org TLD to get grapheneos.org info.

lexa

I found where this local domain add come from. It's a PiHole parameter, to 'expand hostname' which normally only do it when the request doesn't have period. But it's not the case. Dono why it's doing it with those requests.

After disabled it, no more local domain in requests. However still some fail in the connectivity checks. I continue to monitor it. Switched to google check see how it goes.
I'm in the south hemisphere, so even with your 3 servers I'll still have a big latency.

Cheers,