I am trying to configure nextdns on the router (snapshot) and installed luci-app-nextdns on a working router. The page shows that the service is enabled and the executable is indeed running, but no changes are made to /etc/config/dhcp for dnsmasq to actually use nextdns. @olivier Is that by design?
Are resolutions going thru nextdns then or it does not work?
It does not change visible router settings, but add some directives to the dnsmasq configuration under the hood in a place that is easy to remove when the process exit.
It did not work. My router was configured with stubby and cleanbrowsing and after installing nextdns, the resolution was still going through cleanbrowsing.
I checked /etc/config/dhcp and there were no changes made. Can you tell me what file is supposed to be changed by nextdns?
You should see a file called /tmp/dnsmasq.d/nextdns.conf.
Can you please show the out of:
as well as:
It is all working now, but I had to add list server '127.0.0.1#5342' to /etc/config/dhcp and disable dense validation in dnsmasq.
cat /tmp/dnsmasq.d/nextdns.conf server=127.0.0.1#5342 no-resolv add-mac add-subnet=32,128
nextdns version nextdns version 1.3.1
can you please
It is slightly stripped...
cat /var/etc/dnsmasq.conf.* # auto-generated config file from /etc/config/dhcp conf-file=/etc/dnsmasq.conf dhcp-authoritative domain-needed filterwin2k no-resolv localise-queries read-ethers enable-ubus expand-hosts bind-dynamic dhcp-sequential-ip cache-size=1500 dns-forward-max=150 domain=blah server=/lan/ server=127.0.0.1#5453 server=/openwrt.pool.ntp.org/22.214.171.124 server=/cdnjs.cloudflare.com/126.96.36.199 dhcp-leasefile=/tmp/dhcp.leases servers-file=/root/adb_list.overall stop-dns-rebind conf-file=/usr/share/dnsmasq/trust-anchors.conf dnssec dnssec-no-timecheck dhcp-broadcast=tag:needs-broadcast addn-hosts=/tmp/hosts conf-dir=/tmp/dnsmasq.d user=dnsmasq group=dnsmasq dhcp-host=[stripped] dhcp-ignore-names=tag:dhcp_bogus_hostname conf-file=/usr/share/dnsmasq/dhcpbogushostname.conf bogus-priv conf-file=/usr/share/dnsmasq/rfc6761.conf dhcp-range=set:lan,blah dhcp-range=set:iot,blah enable-ra quiet-ra
Ok got it. You'll have to remove the forwarders you've set in the DHCP/DNS config for now. Next revision will handle that automatically.
For now, I have setup stubby to talk to NextDNS. I will try your fix when it is available.
A somewhat related question: what is the benefit of using nextdns over stubby here? You app is written in Go, so it is ginormous I guess your app can provide some granular configurability. Are there any other big differences?
UPDATE: In both cases, my router would be connecting to NextDNS.
We are working on the size, it should get smaller, but still bigger than dynamically linked C programs.
The main advantages are:
- We use different routing and fallback techniques to connect to our servers, so you should get a closer server (lower latency) and in case of issue, it will try very hard to find another (farther) server before failing.
- Stubby has some known issue with our service where it get unstable in some cases (we are still investigating)
- Our daemon is able to discover your LAN hosts (if you enable the Report Client Info) and show them in the analytics (you need the very last version of nextdns for this to work well, which is not yet pushed to opkg, coming soon).
- You can apply different NextDNS configuration ID based on the subnet/IP/MAC address of the LAN client. This is very handy to apply kid specific config on kid devices (not yet implemented in the UI tho).
Thx, looking forward to all these improvements!
I have this entry list server '/openwrt.pool.ntp.org/188.8.131.52' in /etc/config/dhcp and as I understand it is to handle the case, when the router comes up with time way behind current and until the time is synced, SSL communications are not possible. Does your app handle this case or I am mistaken here?
any news on this issue?
I wish I could segregate different settings for some networks to create parental control for children
Which part of the issue?
How can i configure multiple ID configuration?
Hi. I'm running the latest NextDNS (nextdns version 1.8.6) and have both one
option config as well as a number of
list host_config entries in
/etc/config/nextdns. Yet, all the DNS queries from the
list host_config MACs and subnets is now going only to the option configured in
option config. I have tried restarting NextDNS as well as restarting the router, but to no avail.
Here's my config file, with the NextDNS configs blanked:
config nextdns main option enabled '1' option config ****** list host_config 'E8:DE:27:C9:5F:04=******' # Ripe Atlas Probe list host_config 'a4:4b:d5:45:e3:3d=******' # Redmi Note 8 Phone list host_config '10.3.0.0/16=******' # Corvus list host_config '10.4.0.0/16=******' # Guest option report_client_info '1' option hardened_privacy '0' option log_queries '0'
UPDATE: changing the
list host_config entries to
list config entries seems to work. But I thought version 1.8.6 used
list host_config for the individual MACs/IPs/subnets and
option config for the main fallback config.