NextDNS Installer

[Olivier Poitrey]

Unfortunately the same result: a few entries from May 5 (before NTP was working) and everything else is from after the reboot.

And nextdns does not start correctly?

 

[XIII]

No, it’s fine now (that’s why I’ll have to wait for a next occurrence of the issue).

 

[Olivier L]

Hello I am trying this nextdns client. Was used to use stubby method but 2 times, there was an issue : no dns resolver.
With this client, it is not working : even with VPN DNS accept conf = disabled, my devices behind the VPN client 2 are still using VPN DNS resolver instead of dnsnext.

 

[dave14305]

Hello I am trying this nextdns client. Was used to use stubby method but 2 times, there was an issue : no dns resolver.
With this client, it is not working : even with VPN DNS accept conf = disabled, my devices behind the VPN client 2 are still using VPN DNS resolver instead of dnsnext.

As long as you can force them to use router LAN IP for DNS it should go through NextDNS just fine.

 

[coolbeans2016]

I'm proud to announce NextDNS is now officially supporting Merlin. You can find the installation procedure on our Github Wiki.

We are also working with @RMerlin to add a UI to this integration. Stay tuned.

You can post your questions or concerns to this thread or contact us directly through our support chat on https://nextdns.io.

Enjoy and happy new year.

Does this mean OpenDNS will be able to function while using OpenVPN now?!!!!

 

[Olivier L]

As long as you can force them to use router LAN IP for DNS it should go through NextDNS just fine.

finally after a reboot it works.

nextdns log shows
Error: exit status 1

Is that normal ???

according to my.nextdns.io it is working well.

 

[momall]

i took the plunge and installed the router client. working well. no issues at the moment.
web support is pretty good, althought, it would be good to have a feedback form, cause i keep using the chat and i feel that may not be the best way to provide feedback...

 

[Puremin0rez]

I've been running solid since the first of January and had my first real issue today. I'm still using the NextDNS client from then as well - so I am definitely not up to date.

DNS requests stopped working all of a sudden and I looked in the log and saw this

Jan 18 00:24:21 dnsmasq[570]: netlink returns error: Device or resource busy

Is this anything that could be caused by NextDNS? The only reason I suspect NextDNS is because I ran for months without any issues previously.

 

[Olivier L]

Hello
My nextdns client log show "Activate: activate: 127.0.0.1:5342: non 53 port not supported".

Moreover, I still have issues to get dnsnext fully used by all my clients.
For VPN clients, I use "Accept DNS Configuration" = DISABLED.
In local network, DHCP server I use "Advertise router's IP in addition to user-specified DNS" = No and "DNS server 1 & 2" left blank. DNS Filter is disabled.
In WAN area, I use "auto connect to DNS server" for WAN DNS (=> cloudflare from my ISP router).
If I run a dnsleaktest I see my clients using either cloudflare or dnsnext. Even after router reboot. I do not understand why it is not using only dnsnext ?

EDIT: If I changed my WAN Area DNS settings to "auto connect to DNS server" = NO and both servers are left blank, it works... BUT, at restart my vpn never restarts because of "temporary domain resolution failed". It seems that to start my set up needs a resolver like 1.1.1.1 and after I can remove and dnsnext takes the task. Why my vpn is not started using dnsnext resolver ?

I will check replacing domain vpn servers names by IPs : Edit => it is the same.

 

[Olivier L]

Hello
I have this set (even after reboot)

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:1194
DNAT udp -- anywhere anywhere udp dpt:domain to:192.168.1.1
DNAT tcp -- anywhere anywhere tcp dpt:domain to:192.168.1.1

Is that due to NextDNS installer ? How to remove it ? I no longer use NextDNS installer (I use NextDNS with dnscrypt-proxy).

 

[dave14305]

Hello
I have this set (even after reboot)


Is that due to NextDNS installer ? How to remove it ? I no longer use NextDNS installer (I use NextDNS with dnscrypt-proxy).

That isn’t related to NextDNS. It looks like a rule for an OpenVPN server. What’s in your port forwarding?

 

[Olivier L]

Ah yes ! you're right I have a VPN server running.
But I understand for that line

ACCEPT udp -- anywhere anywhere udp dpt:1194

This is clearly linked to my vpn server.

But that one I do not think so

DNAT udp -- anywhere anywhere udp dpt:domain to:192.168.1.1
DNAT tcp -- anywhere anywhere tcp dpt:domain to:192.168.1.1

 

[dave14305]

Ah yes ! you're right I have a VPN server running.
But I understand for that line

This is clearly linked to my vpn server.

But that one I do not think so

Look in /jffs/scripts/firewall-start or nat-start for clues.

 

[Olivier L]

nat-start, I have set myself it is not there.

firewall-start I have

#!/bin/sh
sh /jffs/scripts/firewall start skynetloc=/tmp/mnt/cleusb/skynet # Skynet Firewall Addition
/jffs/scripts/FreshJR_QOS -start $1 &
[ -x /jffs/dnscrypt/manager ] && /jffs/dnscrypt/manager fw-rules

 

[Olivier L]

Sorry for that... it is managed by dnscrypt.

 

[dave14305]

nat-start, I have set myself it is not there.

firewall-start I have

Sorry for that... it is managed by dnscrypt.

Yes. https://github.com/thuantran/dnscrypt-asuswrt-installer/blob/master/gen/manager#L105

 

[SomeWhereOverTheRainBow]

nat-start, I have set myself it is not there.

firewall-start I have

Yes. https://github.com/thuantran/dnscrypt-asuswrt-installer/blob/master/gen/manager#L105

yes that is a firewall rule the DNSCRYPT installer has always used to redirect clients on br0 interface to use 192.168.1.1 as forced DNS. (if you have nextdns defined as server using the DNSCRYPT installer then all devices using br0 interface are forced to use it. )

similarly you can run ip a to confirm what interface your ip ranges are using and adjust firewall rules accordingly to match those interfaces as needed.

 

[dave14305]

yes that is a firewall rule the DNSCRYPT installer has always used to redirect clients on br0 interface to use 192.168.1.1 as forced DNS. (if you have nextdns defined as server using the DNSCRYPT installer then all devices using br0 interface are forced to use it. )

similarly you can run ip a to confirm what interface your ip ranges are using and adjust firewall rules accordingly to match those interfaces as needed.

You could give it a fancy name like DNSFilter and...oh wait.

 

[SomeWhereOverTheRainBow]

You could give it a fancy name like DNSFilter and...oh wait.

yea I am contemplating changing it to strictly use DNSFilter since it is a more viable option since DNSFilter accounts for the right interfaces on different style setups and weird configurations.

 

[ShelaMonster]

Hey Olivier, I'm trying to use -config to update NextDNS to not use hosts "-use-hosts (default true)" but I'm unable to figure out how to set it as false.
I want my router name reported but not each individual device connected to it as some device names are not showing correctly. (Smart TVs are a prime example since I cannot set their device name outside of the >router< hosts list)
During setup I've simply left report device name as "off" so NextDNS is now reporting just the IP for my home router but also logging nothing else.