nextdns / diag Goto Github PK

Network diagnostic tool

License: MIT License

Go 81.90% Shell 18.10%

diag's Introduction

NextDNS CLI Client

NextDNS CLI is a command-line tool that allows you to use NextDNS's DNS-over-HTTPS (DoH) service with advanced capabilities. Although the most advanced features will only work with NextDNS, this program can work as a client for any DoH provider or a mix of NextDNS + another DNS (split horizon).

This CLI is mostly aimed at routers and UNIX based systems, but it is also a great client for Windows and macOS, especially for people who prefer a fully open-source client and don't mind the lack of a GUI.

See the wiki for installation and usage instructions.

diag's People

Contributors

Stargazers

Watchers

Forkers

maghuro bpjones cocoflan timestee azurecloudmonk ancientcatz tosunkaya unimol ekmixon spencerisgiddy vaginessa couldf

diag's Issues

IPv6 address times out and fails to detect IPv6 connectivity

I noticed that the diag tool fails to detect my IPv6 connectivity. Upon closer inspection the issue seems to be the default IP address that is used to detect this:

$ nc -vz 2a00:1450:4007:80a::2013 80  # default IP
nc: connect to 2a00:1450:4007:80a::2013 port 80 (tcp) failed: Connection timed out

$ nc -vz 2a00:1450:400e:811::200e 80  # random google.com IP
Connection to 2a00:1450:400e:811::200e 80 port [tcp/http] succeeded!

When running the tool with the Google IP address, it correctly detects IPv6 connectivity:

Testing IPv6 connectivity
  available: true

Post unsuccessful: Post "http://localhost:8081/diagnostic": dial tcp [::1]:8081: connect: connection refused

Marks-Work-Mac-Mini:rolling_update markyang$ sh -c 'sh -c "$(curl -sL https://nextdns.io/diag)"'

Welcome to NextDNS network diagnostic tool.

This tool will download a small binary to capture latency and routing information
regarding the connectivity of your network with NextDNS. In order to perform a
traceroute, root permission is required. You may therefore be asked to provide
your password for sudo.

The source code of this tool is available at https://github.com/nextdns/diag

Do you want to continue? (press enter to accept)
Testing IPv6 connectivity
available: false
Fetching https://test.nextdns.io
status: ok
client: 116.86.57.141
protocol: UDP
dest IP: 45.90.30.28
server: anexia-fra-1
Traceroute for primary IPv4 (45.90.28.0)
1 192.168.0.1 0ms 0ms 0ms
2 183.90.60.1 2ms 2ms 2ms
3 183.90.44.117 2ms 2ms 4ms
4 183.90.44.45 2ms 2ms 2ms
5 203.118.6.201 5ms 5ms 3ms
6 203.118.4.136 3ms 2ms 2ms
7 103.137.13.169 3ms 2ms 2ms
8 103.137.13.27 2ms 2ms 2ms
9 103.137.13.18 2ms 2ms 3ms
10 45.90.28.0 2ms 3ms 2ms
Traceroute for secondary IPv4 (45.90.30.0)
1 192.168.0.1 0ms 0ms 0ms
2 183.90.60.1 2ms 2ms 3ms
3 183.90.44.61 3ms 2ms 2ms
4 183.90.44.41 2ms 2ms 5ms
5 203.118.3.65 2ms 4ms *
6 203.118.6.25 2ms 3ms 3ms
7 203.117.35.78 3ms 3ms 2ms
8 203.118.6.33 3ms 3ms 2ms
9 203.118.12.46 3ms 3ms 2ms
10 80.249.213.102 167ms 167ms 167ms
11 144.208.208.156 165ms 165ms 165ms
12 144.208.208.211 173ms 173ms 174ms
13 45.90.30.0 173ms 173ms 173ms
Fetching PoP name for primary IPv4 (45.90.28.0)
gsl-sin: 291.2µs
Fetching PoP name for secondary IPv4 (45.90.30.0)
anexia-fra: 16.5505ms
Pinging PoPs
rix-sin: 330.4µs
gsl-sin: 400µs
vultr-sin: 354.4µs
anexia-sin: 364.8µs
anexia-hkg: 3.8874ms
rix-hkg: 3.9498ms
gsl-per: 4.9ms
ls-pnq: 6.0459ms
rix-tpe: 6.7ms
Do you want to send this report? [Y/n]: Y
Optional email in case we need additional info: [email protected]
Post unsuccessful: Post "http://localhost:8081/diagnostic": dial tcp [::1]:8081: connect: connection refused
Marks-Work-Mac-Mini:rolling_update markyang$

Windows Defender classifies binary as high security risk

Title says it all. That does not to seem to be a signing issue.

Brazil server routes are not optimized

I made a test with NextDNS routing trough Brazil and it seems the secondary DNS is much better than primary

I would run the diagnostic tool i found here https://help.nextdns.io/t/y4hmvcx/report-network-latency-issue
but i scanned it with virustotal and found 19 detections

Couldn't download

In the latest version of Edge, when I try to download the diag.exe file, I am getting below error. Could you please check this issue? Thanks!

Script hangs in the middle of execution for up to an hour.

time sh -c 'sh -c "$(curl -sL https://nextdns.io/diag)"'

Welcome to NextDNS network diagnostic tool.

This tool will download a small binary to capture latency and routing information
regarding the connectivity of your network with NextDNS. In order to perform a
traceroute, root permission is required. You may therefore be asked to provide
your password for sudo.

The source code of this tool is available at https://github.com/nextdns/diag

Do you want to continue? (press enter to accept)
Testing IPv6 connectivity
  available: true
Fetching https://test.nextdns.io
  status: ok
  client: 193.110.*******
  protocol: DOH
  dest IP: 45.90.28.0
  server: rix-hkg-1
Traceroute for primary IPv4 (45.90.28.0)
    1  193.110.******    0ms   0ms   0ms
^C

real    72m1.162s
user    0m0.419s
sys     0m0.174s

DOQ to use Anycast servers

Hi, I'm a subscriber and I'm trying to use anycast servers for my DOQ.
how do I prepend anycast to the DOQ URL with my nextdns profile?

it works when I write "quic://Device'sname-myNEXTDNS-ID.dns.nextdns.io": uses my Nextdns profile but does not go to anycast.

or "quic://anycast.dns1.nextdns.io" also works using the anycast server but does not use my Configured NextDNS profile.

But I want to append anycast so that I can use DOQ with the anycast servers and my nextDNS ID at the same time. Please, How do I write this?

diag bin fails with OpenBSD 7.4

The current release needs to be re-compiled on OpenBSD 7.4 to be able to work. I cloned the repo and ran go build and was able to run ./diag without it core dumping.

Thanks,
Jim

Add compatibility for Android

Could Android compatibility be added for this tool?

For the sake of curiosity, I ran this under an Android 11 environment via Termux and was given the following output:

$ sh -c 'sh -c "$(curl -s https://nextdns.io/diag)"'

Welcome to NextDNS network diagnostic tool.

This tool will download a small binary to capture latency and routing information
regarding the connectivity of your network with NextDNS. In order to perform a
traceroute, root permission is required. You may therefore be asked to provide
your password for sudo.

The source code of this tool is available at https://github.com/nextdns/diag

Do you want to continue? (press enter to accept)
sh: 26: cannot create /tmp/nextdns-diag-4822: Directory nonexistent
$

Post unsuccessful: status 400

Tried to run this script and while it appeared to complete successfully, it would not send the results giving the following error.
Post unsuccessful: status 400 {"error":"0: instance requires property \"Primary\"\n"}%

Ran on macOS 11.1

Full output (sanitized some info):


Welcome to NextDNS network diagnostic tool.

This tool will download a small binary to capture latency and routing information
regarding the connectivity of your network with NextDNS. In order to perform a
traceroute, root permission is required. You may therefore be asked to provide
your password for sudo.

The source code of this tool is available at https://github.com/nextdns/diag

Do you want to continue? (press enter to accept)
Testing IPv6 connectivity
  available: false
Fetching https://test.nextdns.io
  status: unconfigured
  client: <zzzzzzz>
  resolver: 108.162.217.48
Traceroute for primary IPv4 (45.90.28.0)
    1     10.17.89.1    4ms   1ms   2ms
    2    10.16.160.1    3ms   1ms   1ms
    3   204.14.39.94    4ms   2ms   1ms
    4 142.147.56.170    3ms   2ms   1ms
    5  142.147.56.32    3ms   1ms   1ms
    6 142.147.56.144    3ms   1ms   1ms
    7   38.88.202.57    3ms   2ms   3ms
    8   154.24.45.85    3ms   2ms   2ms
    9  154.54.81.109    3ms   2ms   2ms
   10   154.54.7.130   10ms   9ms   9ms
   11  154.54.82.246   25ms  21ms  21ms
   12   154.54.3.126   24ms  22ms  22ms
   13   154.54.5.178   23ms  21ms  22ms
   14    154.24.2.18   24ms  22ms  22ms
   15 149.14.125.130   24ms  23ms  21ms
   16   85.95.26.222  103ms  92ms  93ms
   17   85.95.25.113  312ms 232ms 231ms
   18                   *     *     *
   19 115.255.252.58    *   243ms 240ms
   20 115.254.43.229  216ms 214ms 213ms
Traceroute for secondary IPv4 (45.90.30.0)
    1     10.17.89.1    5ms   1ms   1ms
    2    10.16.160.1    3ms   1ms   2ms
    3   204.14.39.94    2ms   2ms   1ms
    4 142.147.56.170    3ms   1ms   1ms
    5  142.147.56.32    3ms   2ms   2ms
    6 142.147.56.144    3ms   2ms   2ms
    7   38.88.202.57    4ms   3ms   2ms
    8   154.24.45.85    3ms   3ms   2ms
    9  154.54.81.109    4ms   3ms   2ms
   10  154.54.46.178    4ms   3ms   4ms
   11   154.54.12.38    4ms   3ms   3ms
   12  62.115.113.18   23ms  17ms  17ms
   13 62.115.165.226   20ms  20ms  19ms
   14 188.172.247.32   20ms  19ms  18ms
   15     45.90.30.0   18ms  19ms  18ms
Fetching PoP name for primary IPv4 (45.90.28.0)
Fetch error: Get "https://dns.nextdns.io/info": dial tcp 45.90.28.0:443: connect: operation timed out
Fetching PoP name for secondary IPv4 (45.90.30.0)
  anexia-atl: 18.6ms
Pinging PoPs
  heficed-chi: 3.884ms
  vultr-chi: 4.291ms
  router-pit: 15.256ms
  zepto-mci: 15.255ms
  smarthost-mci: 15.23ms
  zepto-iad: 20.326ms
  zepto-xrs: 22.214ms
  hydron-clt: 25.205ms
  tier-clt: 24.913ms
  anexia-mnz: 26.626ms
Do you want to send this report? [Y/n]: 
Optional email in case we need additional info: <zzzzzz>
Post unsuccessful: status 400
{"error":"0: instance requires property \"Primary\"\n"}%

Diag not playing nice with Little Snitch

Hey -- seems like running this script generates a different binary name (ie nextdns-diag-16136).

This means every time this runs I need to allow this in Little Snitch's firewall rules. However, the script does not wait and before I can click allow, it already fails in the script.

Do you want to continue? (press enter to accept)
Testing IPv6 connectivity
  available: false
Fetching https://test.nextdns.io
  Fetch error: Get "https://test.nextdns.io": unexpected EOF

For example, I do have IPv6 connectivity:

$ ping6 google.be -c 1
PING6(56=40+8+8 bytes) 2404:e801:200e:227f:8cab:3eee:8919:9502 --> 2404:6800:4003:c03::5e
16 bytes from 2404:6800:4003:c03::5e, icmp_seq=0 hlim=108 time=6.519 ms

--- google.be ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 6.519/6.519/6.519/0.000 ms

And opening tests in the browser works fine:

{
	"status": "ok",
	"protocol": "DOH",
	"configuration": "xxx",
	"client": "58.96.209.xxx",
	"destIP": "103.62.48.147",
	"server": "gsl-sin-1",
	"clientName": "nextdns-cli",
	"deviceName": "yeri-macbookpro1",
	"deviceID": "xxx"
}

Run ok, but had an error

Hi,
Downloaded = OK
Despite an error message it run ok
Error message { environment: line 85: detect_endiannes: command not found }
Steen

Errors with IPv6 only NAT64

Uses NAT64 for IPv4 checks

Traceroute for ultra low latency primary IPv4 (64:ff9b::d992:b31)

Does not skip IPv4 checks.

Fetching PoP name for ultra low latency primary IPv4 (ipv4.dns1.nextdns.io)
  anexia-maa: 249.99ms
Fetching PoP name for ultra low latency secondary IPv4 (ipv4.dns2.nextdns.io)
  do-blr: 175.933ms
Fetching PoP name for anycast primary IPv4 (45.90.28.0)
Fetch error: Get "https://dns.nextdns.io/info": dial tcp 45.90.28.0:443: connect: network is unreachable
Fetching PoP name for anycast secondary IPv4 (45.90.30.0)
Fetch error: Get "https://dns.nextdns.io/info": dial tcp 45.90.30.0:443: connect: network is unreachable
Fetching PoP name for ultra low latency primary IPv6 (ipv6.dns1.nextdns.io)
  anexia-maa: 395.796ms
Fetching PoP name for ultra low latency secondary IPv6 (ipv6.dns2.nextdns.io)
  do-blr: 386.427ms
Fetching PoP name for anycast primary IPv6 (2a07:a8c0::)
  vultr-sjc: 253.314ms
Fetching PoP name for anycast secondary IPv6 (2a07:a8c1::)
  anexia-lax: 232.599ms

At the end post gets failed.

Post unsuccessful: status 400

Script should check for DNS64/NAT64 and handle it accordingly.