
I have 35 AP650s deployed across 3 buildings. I have some weird issues with Android phones, e.g. Pixel 3, Galaxy S8+, OnePlus 6T, and others, getting the message "Connected, no internet".

donnie_johnson
New Contributor
I have 35 AP650s deployed across 3 buildings. I have some weird issues with Android phones, e.g. Pixel 3, Galaxy S8+, OnePlus 6T, and others, getting the message "Connected, no internet".

6 REPLIES

donnie_johnson
New Contributor

Update: We had some old LG Androids that were still exhibiting the issue after making that change. I had to create a new SSID that used the main subnet (native VLAN) to get them to connect. They would not connect to our dedicated VLAN for Guest. I'm still unsure of the reason behind this, but that is what I had to do to get some of the older Androids to connect. Any ideas, feel free. I've double-checked the configs and everything looks good.

bruce_stahlin
Contributor III
Thank you for the update. I’m sure others will benefit.

donnie_johnson
New Contributor

I found the culprit! Google implemented DNS over TLS in late 2018 on Android. This is when our issues started. It's not the same thing as DNSSEC, which just authenticates the DNS server to make sure it is who it says it is. Once that part of DNSSEC is done, DNS traffic flows unencrypted over port 53. Encrypted DNS does what DNSSEC does plus encrypts the payload. It also uses TCP port 853, which our firewall was blocking because we only allow approved services through. Apple iOS and macOS only support DNSSEC. Their support for encrypted DNS is coming later in the year, which explains why they haven't been affected yet. Allowing port 853 through the firewall has fixed 90+% of the affected clients. For others I've had to manually disable the Private DNS feature in the Settings > Connections portion of Android OS. Private DNS (encrypted) is supposed to fall back to plain DNS if negotiation fails, but some are not or are timing out. That is what made this issue so hard to troubleshoot. Android needs to improve the reliability of this feature. Also, latency can aggravate the issue, as well as your ISP's DNS server not supporting or rejecting the connection outright. I mean, after all, your DNS queries are valuable info that they make a lot of money off of. Hope this helps, and if you find any additional info on this please let me know!
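
To check from a wired or wireless client on the affected VLAN whether DNS over TLS on TCP port 853 gets through the firewall, a probe along these lines can be used. This is an added example, not part of the original post; the function names are hypothetical, and the resolver IP and certificate name are supplied by the operator on the command line.

```python
import socket, ssl, struct, sys

def build_dot_query(name, qid=0x1234):
    """A-record query framed for DoT: DNS message behind a 2-byte length prefix."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return struct.pack("!H", len(msg)) + msg

def classify_failure(exc):
    """Map a socket/TLS exception to a verdict for the firewall check."""
    if isinstance(exc, socket.timeout):
        return "timeout"      # no answer at all: packets are being dropped
    if isinstance(exc, ConnectionRefusedError):
        return "refused"      # actively rejected by a firewall or the server
    if isinstance(exc, ssl.SSLError):
        return "tls_failed"   # port 853 is open but the TLS handshake failed
    return "error"

def recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection early")
        buf += chunk
    return buf

def probe_dot(host, server_name, name="example.com", port=853, timeout=3.0):
    """Return 'ok', 'rcode_N', or a classify_failure() verdict."""
    ctx = ssl.create_default_context()  # verifies the resolver's certificate
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
                tls.sendall(build_dot_query(name))
                size = struct.unpack("!H", recv_exact(tls, 2))[0]
                reply = recv_exact(tls, size)
    except OSError as exc:
        return classify_failure(exc)
    if len(reply) < 12:       # shorter than a DNS header
        return "error"
    rcode = reply[3] & 0x0F   # low 4 bits of the flags word
    return "ok" if rcode == 0 else f"rcode_{rcode}"

if __name__ == "__main__" and len(sys.argv) == 3:
    # argv[1] = resolver IP, argv[2] = name expected on its certificate
    print(probe_dot(sys.argv[1], sys.argv[2]))
```

A `timeout` verdict on the guest VLAN alongside `ok` from an unfiltered network points at the firewall rule rather than at the resolver.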

Anonymous
Not applicable

@Donnie Johnson

Did you find some sort of solution for this? Looks like we have the same issues, also with Android devices (not with Apple devices etc.)

 

 
