0

dnsmasq setup with NextDNS

Hi all, 

I found this guide : https://github.com/nextdns/nextdns/wiki/DNSMasq-Integration but I think it may require some clarifications, it is a little raw right now.

I'm using NextDNS cli on my Macbook and I need to use also dsnmasq. Whenever I issue 

nextdns activate

 I loose internet connectivity. 

Help would be appreciated. 

Thanks

13 replies

null
    • Axel_Demain
    • 1 yr ago
    • Reported - view

    When changing NextDNS port, I get : 

     

    sh-3.2# nextdns activate
    Error: activate: 127.0.0.1:5555: non 53 port not supported

    This is not even consistent with this doc: https://github.com/nextdns/nextdns/wiki/Configuration-File-Format

    # Example configuration for NextDNS.
    listen :5353
    setup-router yes
    report-client-info yes (empty)
    • Axel_Demain
    • 1 yr ago
    • Reported - view

    Found this ticket, digging into it right now: 

    https://github.com/nextdns/nextdns/issues/97

      • R_P_M
      • 1 yr ago
      • Reported - view

      Axel Demain You don’t issue the command “nextdns activate” if you are using dnsmasq. 

      You just need “nextdns start” to have it running. 

      Also “auto activate” needs to be false in the nextdns config. 

      • Axel_Demain
      • 1 yr ago
      • Reported - view

      R P M thank you !! OK I get it

    • Axel_Demain
    • 1 yr ago
    • Reported - view

    I made it work for a while: dnsmasq was properly resolving local lookups and forwarding to nextdns on port 5555. Even my.nextdns.io was showing "You are using nextdns".

    But this is unstable: I connected to a distant VPN for a while. When I logged out, I could not resolv external lookups (internal lookups were still working fine). 

    sh-3.2# telnet localhost 53
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.

     

    sh-3.2# telnet localhost 5555
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.

     

    sh-3.2# nslookup hello.test
    Server:        127.0.0.1
    Address:    127.0.0.1#53  Name:    hello.test
    Address: 127.0.0.1

     

    sh-3.2# nslookup google.com
    Server:        127.0.0.1
    Address:    127.0.0.1#53  ** server can't find google.com: REFUSED

    A nextdns restart did not fix.

    Any help would be appreciated. 

    Thanks

      • R_P_M
      • 1 yr ago
      • Reported - view

      Axel Demain How strange. Did you also try restarting dnsmasq?

      • Axel_Demain
      • 1 yr ago
      • Reported - view

      R P M yes I tried and strangely enough, dig works: 

       

      ➜  ~ dig @127.0.0.1 google.com -p 53  ; <<>> DiG 9.10.6 <<>> @127.0.0.1 google.com -p 53
      ;; Got answer:
      google.com.        180    IN    A    142.250.178.142  ;; Query time: 2 msec
      
      

       

      ➜ ~ dig @127.0.0.1 google.com -p 5555
      ;; Got answer:
      google.com. 5 IN A 142.250.201.174
      
      • Axel_Demain
      • 1 yr ago
      • Reported - view

      Axel Demain actually the symptom is the following but it doesn't really make sense: 

      whenever I set 127.0.0.1 (as unique DNS) in my WLAN network DNS settings, nslookup stops working and I can't resolve anything (nothing accessible with browser). 

      But when I remove this DNS setting, I can resolve and most of all, nslookup google.com 127.0.0.1 works.

      Dig @127.0.0.1 works with or without the DNS network setting. 

      I might be tired, something I'm missing probably.

      • Axel_Demain
      • 1 yr ago
      • Reported - view

      Axel Demain well clearly something is not working with the forwarding between dnsmasq and nextdns whenever I disconnect from VPN. A dig on port 5555 does resolve but not on port 53. 

      • R_P_M
      • 1 yr ago
      • Reported - view

      Axel Demain OK, so something going on with VPN.

      How are you connecting to this VPN? Do you know the type?

      Also check the file “/etc/resolv.conf” before and after using the VPN. (I’m fairly certain that is there on macOS but not sure with 11+)

      • Axel_Demain
      • 1 yr ago
      • Reported - view

      R P M thanks, I'm using Surfshark. I did more testing today. 

      When booting my laptop, everything is fine. When disconnecting from VPN, I cannot resolve anything. If I query 

      dig @127.0.0.1 google.com -p 5555

       then NextDNS will resolve fine but

      dig @127.0.0.1 google.com -p 53

      will not resolve. 

      I tried to understand why, I checked resolv.conf but nothing there. I tried to down and up my network interface, no luck. When I reboot, everything works fine again. 

      Surfshark seems to be using Wireguard. However, when I connect and disconnect from my own home VPN (IPSEC), I have no problem. So Surfshark is clearly doing something. 

      • Axel_Demain
      • 1 yr ago
      • Reported - view

      EDIT : rebooting dnsmasq does the trick. I'll have to check what Surfshark is doing with dnsmasq

    • Jason_Hollis
    • 1 yr ago
    • Reported - view

    If you are leveraging the VPN from your Mac you might want to check out Viscosity.  You can configure it to reset the network when you close you VPN and I suspect that will sort you out.

Content aside

  • 1 yr agoLast active
  • 13Replies
  • 1084Views
  • 3 Following