I looked but I’m not certain where this needs to go. I’ll keep it short. I found a few oddities that caused problems when using NextDNS (the client app from the repo) and not having dnsmasq-full installed. This took hours to sort out, and there was zero documentation of this that I could find. I’m putting this here in hopes that it saves others time.
Basically, if you install NextDNS and use it on OpenWRT, you need to install DNSMASQ-FULL as well, unless you like coming across domains that don’t resolve. It will save you a lot of time and grief.
Here is a short summary with some more details on exactly what this is all about. My setup is simple: I run OpenWRT on my Linksys WRT3200ACM. I use Mullvad as my VPN with WireGuard. I use NextDNS for my DNS because of the security features it has, plus it's faster than my ISP. I have a domain I need to access for work, solace.bristlecone.com to be more precise. I found I could not access it. I ran a whois and checked the nameservers for an A record. Everything was good to that end. When I ran a host from my Linux laptop, I kept getting NXDOMAIN. So I tried without the VPN and with a different DNS server, and that worked. So the issue was on my end. A dig +trace for that domain showed IPv6 errors. Fine, I turned off IPv6 and deleted WAN6. That seemed to work for a while. A day later it happened again. Logs were no help; there was not a clue in there to be had. I eventually enlisted Grok’s help. It was then that I discovered the default DNSMASQ was why I was getting an NXDOMAIN on DNSSEC-signed domains. I added a manual rewrite on the NextDNS side, and that worked as a workaround till I could fix it for real. I mentioned to Grok I had not swapped to DNSMASQ-FULL, and that led to a confirmation that it was the issue. My router was on 24.10.2, so I updated it and put in DNSMASQ-FULL. That solved the issue: normal resolution without band-aids required.
That is all; it could have saved me a day of lost work had I known this. Hopefully, my posting it here ends up helping others.