NextDNS is not working at all
I have tried everything I know of. I have the service running (both of them), I have NextDNS on my ASUS RT-BE92U in the WAN settings, I have the latest version of Asuswrt-Merlin, I have used the CLI to auto configure the router. When I reboot I can't get back on because it says that the DNS settings are preventing a connection.
Every time I reboot the IPv4 settings go back to 127.0.0.1 and I have to put the NextDNS servers back manually and I can get to the internet. As of right now, NextDNS is uninstalled and the services set to manual and stopped.
Could someone please explain what is going on? I would love to use the service. As a cybersecurity professional I think it's a good service, but if I have to reset the DNS every time I reboot I'll just get rid of it.
2 replies
-
Interesting conflict between how Asuswrt-Merlin handles DNS configuration and how the NextDNS CLI is trying to persist its settings.
It's important to note that since the NextDNS CLI installs a local DNS resolver on your router, this local resolver is meant to be the only thing the router talks to for DNS queries.
Below are two options that you can try. I recommend Option 1, since it's the easiest/quickest way to validate everything is working correctly and should persist across reboots.
Option 1: (Recommended)
Since you are running Asuswrt-Merlin, you should be able to use the built-in DNS-over-TLS (DoT) or DNS-over-HTTPS (DoH) feature, which is much simpler and avoids the local resolver conflict.
Verify the NextDNS CLI is completely uninstalled, and the services are disabled.
Configuration via the GUI:
Go to the ASUS Web GUI.
Navigate to WAN settings.
Scroll down to the WAN DNS Setting section.
Find the option for DNS Privacy Protocol (or similar, depending on your Merlin version).
Select "DNS-over-TLS (DoT)" or "DNS-over-HTTPS (DoH)".
In the fields for the DoT/DoH server, enter your unique NextDNS configuration ID hostname.
Example: [Your-NextDNS-ID].dns.nextdns.io
Save and Apply.
NOTE: This method should be quite stable for reboots because the router's native firmware handles the secure connection, and you are not relying on a third-party service running on the loopback interface.
Option 2:
This will offer better security and logging, but requires proper setup to start correctly.
Ensure the NextDNS CLI is completely removed and its services are stopped and disabled.
In the ASUS Web GUI under WAN settings, ensure the DNS Server 1 and DNS Server 2 fields are either empty (if you want the CLI to handle everything) or are set to your ISP's default servers for temporary connectivity.
Re-Install and Configure...
Re-install the NextDNS CLI via the command line or the recommended method for Merlin. NOTE: The key is ensuring that the service startup script is correctly integrated into Merlin to start early and correctly after a reboot.
On a successful installation, you should see 127.0.0.1 as the DNS server in your router's status page, as this is the intended configuration. NOTE: If it keeps failing to connect, you may need to look for a specific Merlin setup guide for the NextDNS CLI, as it often requires a small custom startup script to play nicely with the router's boot sequence.
Final Checks (Important)
DNS Server 1 / DNS Server 2 (at the top of the WAN DNS section) are typically for the router's own use during startup. You can usually leave these set to Connect to DNS Server automatically or set them to a non-NextDNS server like 1.1.1.1 or 9.9.9.9 as a failsafe for the router itself. Your connected devices should use the DoT settings you just configured.
It is often recommended to disable the DNSSEC Support setting in Merlin when using an external DoT provider like NextDNS, as NextDNS performs its own DNSSEC validation. This can prevent unnecessary delays or conflicts.
Verification (Since this is stored in the router's permanent settings, it should persist across reboots.)
Wait about 30 seconds for the router to re-establish its connection.
On any device connected to your router visit: https://test.nextdns.io
This test page quickly verifies if your device is using NextDNS, showing your active configuration profile, client IP, protocol (DoH, DoT, DoQ), and connection status ("ok" means properly configured). Example:
{
  "status": "ok",
  "protocol": "DOH",
  "profile": "abcdef1234567890",
  "client": "123.123.123.123",
  "srcIP": "123.123.123.123",
  "destIP": "188.172.221.9",
  "anycast": false,
  "server": "anexia-yto-1",
  "clientName": "dnscrypt"
}
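As an added example (not part of the reply above, and not NextDNS's own tooling), here is a small Python check that interprets the JSON returned by the test page the way a practitioner would after a reboot: "status" must be "ok", the transport must be one of the encrypted protocols named above (DoH, DoT, DoQ), and the "profile" must be the configuration ID you actually set on the router. The last point matters because a device that has silently fallen back to the public, unfiltered NextDNS resolver still gets "status": "ok" but carries no profile, so none of your blocklists apply. The sample responses below are constructed to match the shape quoted above; the "UDP" protocol value and the non-"ok" status value are assumptions used only to exercise the failure paths.

```python
"""Evaluate a https://test.nextdns.io JSON response against the profile you expect.

Added example, not NextDNS code. Run offline against the constructed samples below,
or feed it the body fetched from the test page on a client behind the router.
"""
import json

# Constructed sample, copied from the shape quoted in the reply above.
SAMPLE_OK = (
    '{ "status": "ok", "protocol": "DOH", "profile": "abcdef1234567890", '
    '"client": "123.123.123.123", "srcIP": "123.123.123.123", '
    '"destIP": "188.172.221.9", "anycast": false, "server": "anexia-yto-1", '
    '"clientName": "dnscrypt" }'
)

# Constructed: NextDNS answered, but over plaintext and with no profile attached,
# i.e. the device is using the public unfiltered resolver, not your configuration.
# The "UDP" value is an assumption for illustration.
SAMPLE_PUBLIC = '{ "status": "ok", "protocol": "UDP", "client": "123.123.123.123" }'

# Constructed: queries are not reaching NextDNS at all (any status other than "ok").
# The status string here is an assumption, not the real test-page value.
SAMPLE_NOT_NEXTDNS = '{ "status": "not-nextdns" }'

# The three encrypted transports the reply lists as acceptable.
ENCRYPTED_PROTOCOLS = {"DOH", "DOT", "DOQ"}


def evaluate(raw: str, expected_profile: str) -> dict:
    """Return {'protected': bool, 'findings': [str, ...]}.

    'protected' is True only when every check passes; each failed check adds
    one human-readable finding so the operator can see what to fix.
    """
    findings = []
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        # A captive portal or an error page instead of JSON also means "not verified".
        return {"protected": False, "findings": [f"response is not valid JSON: {exc}"]}

    if data.get("status") != "ok":
        findings.append(
            f"status is {data.get('status')!r}; queries are not reaching NextDNS"
        )

    proto = str(data.get("protocol", "")).upper()
    if proto not in ENCRYPTED_PROTOCOLS:
        findings.append(
            f"protocol is {proto or 'unknown'}, not an encrypted transport (DoH/DoT/DoQ)"
        )

    profile = data.get("profile")
    if profile is None:
        findings.append(
            "no profile attached: this is the public unfiltered resolver, "
            "your blocklists and logging do not apply"
        )
    elif profile != expected_profile:
        findings.append(
            f"profile {profile!r} does not match the configured {expected_profile!r}"
        )

    return {"protected": not findings, "findings": findings}


if __name__ == "__main__":
    # Replace with the configuration ID you entered in the router's DoT/DoH field.
    my_profile = "abcdef1234567890"
    for label, sample in [
        ("ok", SAMPLE_OK),
        ("public resolver", SAMPLE_PUBLIC),
        ("not nextdns", SAMPLE_NOT_NEXTDNS),
    ]:
        verdict = evaluate(sample, my_profile)
        print(f"{label}: protected={verdict['protected']}")
        for finding in verdict["findings"]:
            print(f"  - {finding}")
```

The check deliberately treats "status ok but no profile" as a failure rather than a pass; that is exactly the case where a browser-level custom DNS setting pointing at the plain public NextDNS endpoint looks healthy while bypassing the filtered profile you configured.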
-
Dear NextDNS Support Team,
My account salmankamal622@gmail.com
I’m using NextDNS’s private DNS setup on my Android device, and for the most part, it’s working well at the system level.
However, there’s a specific issue we’re encountering: in browsers like Chrome that allow setting a custom DNS within the app, if we use the public, non-customized version of NextDNS there (the one without any filtering or custom blocklists), it ends up bypassing the system-level private DNS setting. In other words, when that public NextDNS server is set in Chrome, the system’s private DNS gets overridden. Interestingly, this doesn’t happen if we set other DNS providers like family dns—only the plain public NextDNS instance causes this behavior.
We’d like to know if there’s any specific configuration or advice you can provide so that the private DNS setting always takes priority and we can avoid this bypass scenario.
Thank you very much!