bitmonster
Senior Member
Just discovered this amazing tool and subscribed, loving it!
I have recently moved to a new ISP that supports "native" IPv6.
I am using a Asus RT-AC86u with Merlin, and Cloudflare DNS as default resolver, with NextDNS set up as TLS resolver with IPv6 and TLS address - although the command line client seems to be handling it as the dashboard is identifying clients. I also have DNS Director set to "router" to force all DNS through the router - I have no idea how this works however my work laptop still seems to use it's own DNS though which is fine I guess.
Also running SkyNet although not yet seeing any new log entries so can't see if IPv6 is working there either.
Trying to set up NextDNS command line client up so it passes all DNS tests and works properly though. When running nextdns log I receive "Error: exit status 2" - any idea why? It was working last night but not this morning.
Otherwise status says running and my NextDNS dashboard suggests it's running fine with discovered devices (neat feature) and all encrypted although less than 10% with DNSSEC validation (is this normal?)
Majority traffic still seems to be via IPv4 though, only a minority via IPv6 and I would prefer it *all* go via IPv6.
I get a "B" rating on https://cmdns.dev.dns-oarc.net/ with all pass except for Transport -> IPv6 and RPKI IPv4 on my KUbuntu Edge and Firefox browser and Android phone. I thought I recall this having a full pass A rating the previous night before I installed the NextDNS router client. RPKI IPv6 passes though, as does all other tests.
My ISP uses IPoE - "Obtain IP automatically" and IPv6 pass-through.
https://www.dnscheck.tools/ shows only IPv4 NextDNS although that passes all DNS security tests (ECDSA P-256 ECDSA P-384 Ed25519) - DNSSEC working fine - however with a error noted at the bottom of the page that my "DNS resolvers cannot reach IPv6 name servers".
Next DNS dashboard shows only 50 of 5,000 queries last half hour as via IPv6 - 37 of which are from "Router" for periodic speed test domains. So basically everything is going via IPv4 except when I use my mobile off the home network - which then passes all tests except for RPKI IPv6 with NextDNS set as a "Private DNS" server in system settings. And when using my mobile network (WiFi off) sure enough the phone device shows up as using IPv6, and dnscheck.tools also passes all tests with IPv6 showing as enabled.
Interestingly when I now ping google.com from my KUbuntu laptop it picks up a IPv6 address, however when pinging from my *router* command line it picks up a IPv4 address. .
When I just deactivated / stopped the NextDNS client via command line, sure enough https://www.dnscheck.tools/ and https://cmdns.dev.dns-oarc.net/ returned IPv6 and a A rating. From the router command line - pinging Google.com still returns a IPv4 address, pinging ipv6.google.com returns a IPv6 address though.
So that could mean something is amiss with the DNS Resolver there - possibly the command line NextDNS client.
Can anyone think of anything I can or should change?
And now my Asus Dynamic DNS doesn't seem to be updating either so I can't use incoming VPN however I will see if it starts updating again after disabling the NextDNS router client.
Config is
cache-max-age 0s
mdns all
auto-activate false
cache-size 10MB
discovery-dns
use-hosts true
listen localhost:53
control /var/run/nextdns.sock
log-queries false
max-ttl 0s
report-client-info true
hardened-privacy false
debug false
timeout 5s
max-inflight-requests 256
setup-router true
bogus-priv true
detect-captive-portals false
profile -----
And ifconfig from the router command line shows eth0 with both IPv4 and IPv6 address.
Interestingly though SkyNet is only showing a IPv4 address in it's command line menu.
So for now I have run "nextdns uninstall" until I can work out how to get this working via IPv6 which has returned all DNS tests to fully passed
I have recently moved to a new ISP that supports "native" IPv6.
I am using a Asus RT-AC86u with Merlin, and Cloudflare DNS as default resolver, with NextDNS set up as TLS resolver with IPv6 and TLS address - although the command line client seems to be handling it as the dashboard is identifying clients. I also have DNS Director set to "router" to force all DNS through the router - I have no idea how this works however my work laptop still seems to use it's own DNS though which is fine I guess.
Also running SkyNet although not yet seeing any new log entries so can't see if IPv6 is working there either.
Trying to set up NextDNS command line client up so it passes all DNS tests and works properly though. When running nextdns log I receive "Error: exit status 2" - any idea why? It was working last night but not this morning.
Otherwise status says running and my NextDNS dashboard suggests it's running fine with discovered devices (neat feature) and all encrypted although less than 10% with DNSSEC validation (is this normal?)
Majority traffic still seems to be via IPv4 though, only a minority via IPv6 and I would prefer it *all* go via IPv6.
I get a "B" rating on https://cmdns.dev.dns-oarc.net/ with all pass except for Transport -> IPv6 and RPKI IPv4 on my KUbuntu Edge and Firefox browser and Android phone. I thought I recall this having a full pass A rating the previous night before I installed the NextDNS router client. RPKI IPv6 passes though, as does all other tests.
My ISP uses IPoE - "Obtain IP automatically" and IPv6 pass-through.
https://www.dnscheck.tools/ shows only IPv4 NextDNS although that passes all DNS security tests (ECDSA P-256 ECDSA P-384 Ed25519) - DNSSEC working fine - however with a error noted at the bottom of the page that my "DNS resolvers cannot reach IPv6 name servers".
Next DNS dashboard shows only 50 of 5,000 queries last half hour as via IPv6 - 37 of which are from "Router" for periodic speed test domains. So basically everything is going via IPv4 except when I use my mobile off the home network - which then passes all tests except for RPKI IPv6 with NextDNS set as a "Private DNS" server in system settings. And when using my mobile network (WiFi off) sure enough the phone device shows up as using IPv6, and dnscheck.tools also passes all tests with IPv6 showing as enabled.
Interestingly when I now ping google.com from my KUbuntu laptop it picks up a IPv6 address, however when pinging from my *router* command line it picks up a IPv4 address. .
When I just deactivated / stopped the NextDNS client via command line, sure enough https://www.dnscheck.tools/ and https://cmdns.dev.dns-oarc.net/ returned IPv6 and a A rating. From the router command line - pinging Google.com still returns a IPv4 address, pinging ipv6.google.com returns a IPv6 address though.
So that could mean something is amiss with the DNS Resolver there - possibly the command line NextDNS client.
Can anyone think of anything I can or should change?
And now my Asus Dynamic DNS doesn't seem to be updating either so I can't use incoming VPN however I will see if it starts updating again after disabling the NextDNS router client.
Config is
cache-max-age 0s
mdns all
auto-activate false
cache-size 10MB
discovery-dns
use-hosts true
listen localhost:53
control /var/run/nextdns.sock
log-queries false
max-ttl 0s
report-client-info true
hardened-privacy false
debug false
timeout 5s
max-inflight-requests 256
setup-router true
bogus-priv true
detect-captive-portals false
profile -----
And ifconfig from the router command line shows eth0 with both IPv4 and IPv6 address.
Interestingly though SkyNet is only showing a IPv4 address in it's command line menu.
So for now I have run "nextdns uninstall" until I can work out how to get this working via IPv6 which has returned all DNS tests to fully passed
Last edited: