NextDNS won't work on OpenWrt 24.10.2
Greetings,
after upgrading my OpenWRT router from 23.05.5 to the latest version, NextDNS stopped working. When
I connect to my NextDNS account, I can see that no traffic is tunneled towards NextDNS and my Router uses my default DNS Provider.
I use the latest NextDNS client on my router (1.45.0) and from what I can tell, the log looks fine after a fresh reboot:
Mon Jul 7 05:51:33 2025 daemon.notice nextdns[2476]: Starting NextDNS 1.45.0/linux on 127.0.0.1:5342
Mon Jul 7 05:51:33 2025 daemon.notice nextdns[2476]: Listening on TCP/127.0.0.1:5342
Mon Jul 7 05:51:33 2025 daemon.notice nextdns[2476]: Listening on UDP/127.0.0.1:5342
Mon Jul 7 05:51:38 2025 daemon.notice nextdns[2476]: Setting up openwrt router
Mon Jul 7 06:09:10 2025 daemon.notice nextdns[2476]: Connected 45.90.28.0:443 (con=19ms tls=1103ms, TCP, TLS13)
Mon Jul 7 06:09:11 2025 daemon.notice nextdns[2476]: Connected [2a0b:4341:704:24:5054:ff:fe91:8a6c]:443 (con=10ms tls=556ms, TCP, TLS13)
Mon Jul 7 06:09:11 2025 daemon.notice nextdns[2476]: Switching endpoint: https://dns.nextdns.io#194.45.101.249,199.247.16.158,2a0b:4341:704:24:5054:ff:fe91:8a6c,2a05:f480:1800:8ed:5400:2ff:fec8:7e46
Mon Jul 7 06:36:40 2025 daemon.notice nextdns[2476]: Connected [2a05:f480:1800:8ed:5400:2ff:fec8:7e46]:443 (con=11ms tls=32ms, TCP, TLS13)
Mon Jul 7 07:21:53 2025 daemon.notice nextdns[2476]: Connected [2a05:f480:1800:8ed:5400:2ff:fec8:7e46]:443 (con=11ms tls=34ms, TCP, TLS13)
Mon Jul 7 07:41:22 2025 daemon.notice nextdns[2476]: Connected [2a05:f480:1800:8ed:5400:2ff:fec8:7e46]:443 (con=12ms tls=42ms, TCP, TLS13)
Mon Jul 7 08:11:01 2025 daemon.notice nextdns[2476]: Connected 199.247.16.158:443 (con=11ms tls=43ms, TCP, TLS13)
Mon Jul 7 08:31:51 2025 daemon.notice nextdns[2476]: Connected [2a05:f480:1800:8ed:5400:2ff:fec8:7e46]:443 (con=11ms tls=33ms, TCP, TLS13)
Some specialties on my end that might affect these results:
- I use multiple dnsmasq instances - one for each network as described in this article: https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#multiple_dhcpdns_serverforwarder_instances
- I set up DNS Hijacking: https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns#web_interface_instructions
This didn't affect NextDNS under OpenWRT 23.05, but I thought it might be worth mentioning.
Thanks in advance!
1 reply
Sorry for not including this in the first post, but here are my config files:
/etc/config/dhcp:
config dnsmasq 'lan_dns'
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option local '/mgmt/'
option domain 'mgmt.lan'
option expandhosts '1'
option authoritative '1'
option leasefile '/tmp/dhcp.leases.lan'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
list interface 'lan'
option localservice '1'
option rebind_localhost '1'
option readethers '1'
/var/etc/dnsmasq.conf:
conf-file=/etc/dnsmasq.conf
dhcp-authoritative
domain-needed
localise-queries
read-ethers
enable-ubus=dnsmasq
expand-hosts
bind-dynamic
local-service
domain=mgmt.lan
local=/mgmt/
interface=br-lan
addn-hosts=/tmp/hosts
dhcp-leasefile=/tmp/dhcp.leases.lan
resolv-file=/tmp/resolv.conf.d/resolv.conf.auto
stop-dns-rebind
rebind-localhost-ok
dhcp-broadcast=tag:needs-broadcast
conf-dir=/tmp/dnsmasq.lan_dns.d
user=dnsmasq
group=dnsmasq
dhcp-ignore-names=tag:dhcp_bogus_hostname
conf-file=/usr/share/dnsmasq/dhcpbogushostname.conf
bogus-priv
conf-file=/usr/share/dnsmasq/rfc6761.conf
dhcp-range=set:lan,192.168.1.3,192.168.1.6,255.255.255.248,12h
dhcp-option=lan,42,192.168.1.1
To me, it is interesting to see bogus-priv set, but not no-resolv, strict-order, server or add-cpe-id, like the dnsmasq configuration guide would suggest.
Again, any ideas are appreciated.
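The check described in the reply above, as an added example that is not part of the original posts: a POSIX shell function that reads one dnsmasq instance's generated config plus its conf-dir drop-ins and reports whether queries are forwarded only to the NextDNS listener shown in the log (127.0.0.1:5342). The function names and the sample file are constructed; that `server=127.0.0.1#5342` is the expected forwarding directive is an assumption based on that log line.

```shell
# Added example, not from the post; listener default is taken from the log above.

# Active directives of FILE plus all files in its conf-dir= folders.
# Simplification: conf-dir extension filters (after the comma) are ignored.
active_directives() {
    sed '/^[[:space:]]*#/d;/^[[:space:]]*$/d' "$1"
    sed -n 's/^conf-dir=\([^,]*\).*/\1/p' "$1" | while read -r dir; do
        for f in "$dir"/*; do
            if [ -f "$f" ]; then sed '/^[[:space:]]*#/d;/^[[:space:]]*$/d' "$f"; fi
        done
    done
}

# audit_dnsmasq FILE [LISTENER]: prints findings, returns 0 only when the
# instance forwards exclusively to LISTENER.
audit_dnsmasq() {
    listener=${2:-127.0.0.1#5342}
    active=$(active_directives "$1")
    rc=0
    if printf '%s\n' "$active" | grep -Fqx "server=$listener"; then
        echo "OK server=$listener"
    else
        echo "MISSING server=$listener"; rc=1
    fi
    if printf '%s\n' "$active" | grep -Fqx 'no-resolv'; then
        echo "OK no-resolv"
    else
        # Without no-resolv, upstreams from resolv-file are still queried.
        rf=$(printf '%s\n' "$active" | sed -n 's/^resolv-file=//p')
        echo "LEAK no-resolv absent, resolv-file=${rf:-default}"; rc=1
    fi
    # Other global server= lines compete; server=/domain/... lines are left alone.
    extra=$(printf '%s\n' "$active" | grep '^server=[^/]' | grep -Fvx "server=$listener" || true)
    if [ -n "$extra" ]; then
        printf '%s\n' "$extra" | sed 's/^/EXTRA /'; rc=1
    fi
    return "$rc"
}

# Constructed sample: a few lines of the generated config shown in the post.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'bogus-priv' 'resolv-file=/tmp/resolv.conf.d/resolv.conf.auto' \
        "conf-dir=$d/dnsmasq.lan_dns.d" > "$d/dnsmasq.conf"
    audit_dnsmasq "$d/dnsmasq.conf"; status=$?
    rm -rf "$d"
    return "$status"
}
if [ $# -gt 0 ]; then audit_dnsmasq "$@"; else demo || true; fi
```

On the router, pass the generated file of the instance in question as the first argument; a `MISSING` or `LEAK` line means that instance can still resolve through the default upstream.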