
EdgeRouter with NextDNS Client and Local Static DNS Entries

Hi Folks,

Been using NextDNS for a while, but finally decided to try the client directly on my router. The router is a Ubiquiti EdgeRouter 4. The install went fine, and most things are working, with the exception of static entries in the DNS Forwarding Options. Items like those described here: https://help.ui.com/hc/en-us/articles/115010913367-EdgeRouter-DNS-Forwarding-Setup-and-Options#3

Example:

set service dns forwarding options address=/vm1.domain.com/192.168.1.10

I think this uses some features of dnsmasq under the covers since they appear to be dnsmasq-type entries. These were working great; however, since adding the NextDNS client, these are no longer resolved by my router. I have almost 20 entries in there for various systems where I have static IPs (not static DHCP leases) set. This does not seem to fit into either Split-Horizon or DNSMasq Integration, so how can I make this work?

TIA!

Jason

7 replies

    • SuperJC710e
    • 8 mths ago

    Hi Again,

    Still haven't figured this out, but I'm thinking I might need to use the DNSMasq Integration in the end.

    https://github.com/nextdns/nextdns/wiki/DNSMasq-Integration

    However, it's unclear how to do so on this router. I can set the listen port in the config, but then it states:

    # nextdns config set -listen localhost:5555
    WARNING: listen is ignored when setup-router is enabled
    

    I'm not sure what other items might get lost if I set:

    # nextdns config set -setup-router false
    

    Additionally, I see that nextdns installs an additional file in /etc/dnsmasq.d/nextdns.conf that basically turns off dnsmasq.

    # cat /etc/dnsmasq.d/nextdns.conf
    # Configuration generated by NextDNS
    # DNS is handled by NextDNS
    port=0
    

    If I remove this file (or does the changed config do this?), how do I properly restart dnsmasq on EdgeOS? Also, how do I set the additional options that are supposed to be set?
     

    --server '127.0.0.1#5555' --add-mac --add-subnet=32,128

    I think they end up something like this in the /etc/dnsmasq.conf file:

    server=127.0.0.1#5555
    no-resolv
    add-mac
    add-subnet=32,128
    

    However, I'm unsure if I can edit that file directly, or should I use some native edgeos (vyatta) commands to set those options?

    Can anyone clarify these items?

    TIA

    • SuperJC710e
    • 8 mths ago

    Hi Again,

    So after taking a look at the go code for edgeos, I noticed that dnsmasq is only disabled if you enable caching during the nextdns config setup post install. So I reran the config wizard (nextdns config wizard), and selected no. Now it is working! :)

    # nextdns config wizard
    
    ...
    
    Enable caching? [Y|n]: n
    

    Thanks for reading! Hope this helps someone else!

    • SuperJC710e
    • 8 mths ago

    Hi Again,

    Looks like I spoke too soon. This doesn't fully work. Now my NextDNS keeps flipping between "All Good!" and "This device is not using NextDNS." I think it has something to do with the DNS servers I already had set up on my router.

    server=208.67.222.222   # system
    server=208.67.220.220   # system
    server=127.0.0.1        # system
    server=::1      # system

    However, when I remove the OpenDNS servers, then DNS resolution on my network stops working. Not sure if I should remove the localhost references as well or not...

    Contents of /etc/dnsmasq.d/nextdns.conf

    # Configuration generated by NextDNS
    no-resolv
    server=127.0.0.1#5342
    add-mac
    add-subnet=32,128
    

    Output of netstat

    # netstat -pantu | grep nextdns
    tcp        0      0 127.0.0.1:5342          0.0.0.0:*               LISTEN      18968/nextdns
    udp        0      0 127.0.0.1:5342          0.0.0.0:*                           18968/nextdns
    udp        0      0 0.0.0.0:5353            0.0.0.0:*                           18968/nextdns
    udp        0      0 0.0.0.0:5353            0.0.0.0:*                           18968/nextdns
    udp        0      0 0.0.0.0:5353            0.0.0.0:*                           18968/nextdns
    udp        0      0 0.0.0.0:5353            0.0.0.0:*                           18968/nextdns
    udp        0      0 0.0.0.0:5353            0.0.0.0:*                           18968/nextdns
    udp        0      0 0.0.0.0:5353            0.0.0.0:*                           18968/nextdns
    udp        0      0 0.0.0.0:5353            0.0.0.0:*                           18968/nextdns
    udp        0      0 0.0.0.0:5353            0.0.0.0:*                           18968/nextdns
    udp        0      0 0.0.0.0:5353            0.0.0.0:*                           18968/nextdns
    udp        0      0 0.0.0.0:5353            0.0.0.0:*                           18968/nextdns
    udp        0      0 0.0.0.0:5353            0.0.0.0:*                           18968/nextdns
    udp        0      0 0.0.0.0:5353            0.0.0.0:*                           18968/nextdns
    udp        0      0 0.0.0.0:5353            0.0.0.0:*                           18968/nextdns
    udp6       0      0 :::5353                 :::*                                18968/nextdns
    udp6       0      0 :::5353                 :::*                                18968/nextdns
    udp6       0      0 :::5353                 :::*                                18968/nextdns
    udp6       0      0 :::5353                 :::*                                18968/nextdns
    udp6       0      0 :::5353                 :::*                                18968/nextdns
    udp6       0      0 :::5353                 :::*                                18968/nextdns
    udp6       0      0 :::5353                 :::*                                18968/nextdns
    udp6       0      0 :::5353                 :::*                                18968/nextdns
    udp6       0      0 :::5353                 :::*                                18968/nextdns
    udp6       0      0 :::5353                 :::*                                18968/nextdns
    udp6       0      0 :::5353                 :::*                                18968/nextdns
    udp6       0      0 :::5353                 :::*                                18968/nextdns
    udp6       0      0 :::5353                 :::*                                18968/nextdns
    

    And /etc/resolv.conf (which appears to be ignored by no-resolv)

    # cat /etc/resolv.conf
    #line generated by /opt/vyatta/sbin/vyatta_update_resolv.pl
    domain          daguio.lan
    nameserver      127.0.0.1
    nameserver      ::1
    nameserver      208.67.222.222
    nameserver      208.67.220.220
    

    Any help would be appreciated.

    TIA!
     

    • SuperJC710e
    • 8 mths ago

    Hi Again,

    An update...I think I just needed to disable using system DNS for forwarding in edgeos

    delete service dns forwarding system && commit && save && exit
    

    I think it's working now...at least so far. Hopefully I'm not talking too soon again... :P

    • SuperJC710e
    • 8 mths ago

    Just an update to say the above is working. (Solution Part 1, Solution Part 2)

    To summarize:
     

    # nextdns config wizard
    ...
    Enable caching? [Y|n]: n
    delete service dns forwarding system && commit && save && exit

    If there are any moderators around, could you please mark this as [SOLVED] or whatever the practice is?

    TIA
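
The end state the posts above arrive at is a dnsmasq that still answers the `address=` entries and has the local NextDNS listener as its only upstream. The script below is an added example, not part of the original posts or of NextDNS's own code; it checks dnsmasq config text for the three conditions seen in the thread (`port=0`, extra `server=` lines, missing `no-resolv`). The function names are hypothetical and the sample config is constructed from values quoted in the thread.

```shell
#!/bin/sh
# Reads dnsmasq config lines on stdin and prints one finding per problem.
# $1 = expected upstream as dnsmasq writes it (address#port).
audit_dnsmasq() {
    awk -v want="$1" '
        { sub(/[ \t]+#.*$/, ""); sub(/^[ \t]+/, "") }  # drop trailing comments and indent
        /^#/ || /^$/ { next }                          # skip comment and blank lines
        $0 == "port=0"    { print "DISABLED: port=0 turns off dnsmasq DNS, address= entries are not served" }
        $0 == "no-resolv" { noresolv = 1 }
        /^server=/ {
            up = substr($0, 8)                         # text after "server="
            if (up == want) found = 1
            else print "EXTRA: server=" up " is not the NextDNS listener " want
        }
        END {
            if (!found)    print "MISSING: no server=" want
            if (!noresolv) print "RESOLV: no-resolv absent, resolv.conf nameservers are also used"
        }'
}

# Constructed sample: system forwarders still present next to the NextDNS drop-in.
sample_mixed() { cat <<'EOF'
server=208.67.222.222   # system
server=208.67.220.220   # system
server=127.0.0.1        # system
server=::1      # system
# Configuration generated by NextDNS
no-resolv
server=127.0.0.1#5342
add-mac
add-subnet=32,128
EOF
}

# Constructed sample: only the NextDNS upstream, static entry kept.
sample_clean() { cat <<'EOF'
address=/vm1.domain.com/192.168.1.10
no-resolv
server=127.0.0.1#5342
add-mac
add-subnet=32,128
EOF
}

# Constructed sample: the drop-in written when caching is enabled.
sample_disabled() { printf '%s\n' '# DNS is handled by NextDNS' 'port=0'; }

sample_mixed | audit_dnsmasq '127.0.0.1#5342'
```
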

    • Mark.7
    • 7 mths ago

    Hi,

    Late reply, but from my research there are two other ways to achieve this. In the nextdns CLI, play with the command 'forwarder' - https://github.com/nextdns/nextdns/wiki/Split-Horizon

    The other way is in the nextdns webgui, you can set forwarders for individual domains. 

    I was doing it your way before but moved across to the split horizon on the CLI on the EdgeRouter. I didn't use the web GUI as I didn't want to resolve to an internal IP when I was outside of my home network but using NextDNS.

      • SuperJC710e
      • 5 mths ago

      Thanks for the response! I'm happy with it as it is right now, but if I ever feel like trying it a different way, I'll try this out.
