
dnsmasq setup with NextDNS

Hi all, 

I found this guide: https://github.com/nextdns/nextdns/wiki/DNSMasq-Integration but I think it may require some clarifications; it is a little raw right now.

I'm using the NextDNS CLI on my MacBook and I also need to use dnsmasq. Whenever I issue

    nextdns activate

I lose internet connectivity.

Help would be appreciated. 

Thanks

  • When changing the NextDNS port, I get:

    sh-3.2# nextdns activate
    Error: activate: 127.0.0.1:5555: non 53 port not supported

    This is not even consistent with this doc: https://github.com/nextdns/nextdns/wiki/Configuration-File-Format

    # Example configuration for NextDNS.
    listen :5353
    setup-router yes
    report-client-info yes (empty)
  • Found this ticket, digging into it right now: 

    https://github.com/nextdns/nextdns/issues/97

      • R P M
      • R_P_M
      • 7 mths ago

      Axel Demain You don’t issue the command “nextdns activate” if you are using dnsmasq. 

      You just need “nextdns start” to have it running. 

      Also “auto activate” needs to be false in the nextdns config. 

    • R P M thank you !! OK I get it

  • I made it work for a while: dnsmasq was properly resolving local lookups and forwarding to nextdns on port 5555. Even my.nextdns.io was showing "You are using nextdns".

    But this is unstable: I connected to a distant VPN for a while. When I logged out, I could not resolve external lookups (internal lookups were still working fine).

    sh-3.2# telnet localhost 53
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.

     

    sh-3.2# telnet localhost 5555
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.

     

    sh-3.2# nslookup hello.test
    Server:        127.0.0.1
    Address:    127.0.0.1#53

    Name:    hello.test
    Address: 127.0.0.1

     

    sh-3.2# nslookup google.com
    Server:        127.0.0.1
    Address:    127.0.0.1#53

    ** server can't find google.com: REFUSED

    A nextdns restart did not fix it.

    Any help would be appreciated. 

    Thanks

      • R P M
      • R_P_M
      • 7 mths ago

      Axel Demain How strange. Did you also try restarting dnsmasq?

    • R P M yes I tried and strangely enough, dig works: 

       

      ➜  ~ dig @127.0.0.1 google.com -p 53

      ; <<>> DiG 9.10.6 <<>> @127.0.0.1 google.com -p 53
      ;; Got answer:
      google.com.        180    IN    A    142.250.178.142
      ;; Query time: 2 msec

      ➜ ~ dig @127.0.0.1 google.com -p 5555
      ;; Got answer:
      google.com. 5 IN A 142.250.201.174

    • Axel Demain actually the symptom is the following but it doesn't really make sense: 

      whenever I set 127.0.0.1 (as unique DNS) in my WLAN network DNS settings, nslookup stops working and I can't resolve anything (nothing accessible with browser). 

      But when I remove this DNS setting, I can resolve and most of all, nslookup google.com 127.0.0.1 works.

      Dig @127.0.0.1 works with or without the DNS network setting. 

      I might be tired, something I'm missing probably.

    • Axel Demain well clearly something is not working with the forwarding between dnsmasq and nextdns whenever I disconnect from VPN. A dig on port 5555 does resolve but not on port 53. 

      • R P M
      • R_P_M
      • 7 mths ago

      Axel Demain OK, so something going on with VPN.

      How are you connecting to this VPN? Do you know the type?

      Also check the file “/etc/resolv.conf” before and after using the VPN. (I’m fairly certain that is there on macOS but not sure with 11+)

    • R P M thanks, I'm using Surfshark. I did more testing today. 

      When booting my laptop, everything is fine. When disconnecting from VPN, I cannot resolve anything. If I query 

      dig @127.0.0.1 google.com -p 5555

       then NextDNS will resolve fine but

      dig @127.0.0.1 google.com -p 53

      will not resolve. 

      I tried to understand why, I checked resolv.conf but nothing there. I tried to down and up my network interface, no luck. When I reboot, everything works fine again. 

      Surfshark seems to be using Wireguard. However, when I connect and disconnect from my own home VPN (IPSEC), I have no problem. So Surfshark is clearly doing something. 

    • EDIT : rebooting dnsmasq does the trick. I'll have to check what Surfshark is doing with dnsmasq
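
The port 53 versus port 5555 comparison run with dig in the comments above, as an added example that is not part of the original thread or of the NextDNS project. It assumes dnsmasq listens on 127.0.0.1:53 and nextdns on 127.0.0.1:5555 as described in the thread; the function names are hypothetical.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Encode a recursive A/IN query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_rcode(query, reply):
    """Return the response code name, or MALFORMED if the reply does not match."""
    if len(reply) < 12 or reply[:2] != query[:2]:
        return "MALFORMED"
    rcode = struct.unpack("!H", reply[2:4])[0] & 0x000F  # low 4 bits of the flags
    return RCODES.get(rcode, f"RCODE{rcode}")

def probe(host, port, name, timeout=2.0):
    """Query host:port over UDP, like `dig @host name -p port`."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))  # connected UDP surfaces "port closed" errors
            s.send(query)
            return parse_rcode(query, s.recv(4096))
        except socket.timeout:
            return "TIMEOUT"
        except OSError:
            return "UNREACHABLE"

def diagnose(front, upstream):
    """Name the failing hop from the two probe results."""
    if upstream != "NOERROR":
        return "nextdns did not return an answer on its own port"
    if front != "NOERROR":
        return "dnsmasq is not forwarding; restart it and check its upstream"
    return "both hops answer"

def check(name="google.com", host="127.0.0.1", front_port=53, upstream_port=5555):
    """Ports assumed from the thread: dnsmasq on 53, nextdns on 5555."""
    front = probe(host, front_port, name)
    upstream = probe(host, upstream_port, name)
    return front, upstream, diagnose(front, upstream)

if __name__ == "__main__":
    print(check())
```

A result such as `('REFUSED', 'NOERROR', ...)` matches the state reported after disconnecting the VPN: nextdns resolves on its own port while dnsmasq refuses the same name.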

  • If you are leveraging the VPN from your Mac you might want to check out Viscosity. You can configure it to reset the network when you close your VPN and I suspect that will sort you out.
