0

dnsmasq setup with NextDNS

Hi all, 

I found this guide : https://github.com/nextdns/nextdns/wiki/DNSMasq-Integration but I think it may require some clarifications, it is a little raw right now.

I'm using NextDNS cli on my Macbook and I need to use also dsnmasq. Whenever I issue 

nextdns activate

 I loose internet connectivity. 

Help would be appreciated. 

Thanks

13 replies

null
    • Axel_Demain
    • 2 yrs ago
    • Reported - view

    When changing NextDNS port, I get : 

     

    sh-3.2# nextdns activate
Error: activate: 127.0.0.1:5555: non 53 port not supported

    This is not even consistent with this doc: https://github.com/nextdns/nextdns/wiki/Configuration-File-Format 

    # Example configuration for NextDNS.
listen :5353
setup-router yes
report-client-info yes (empty)
    • Axel_Demain
    • 2 yrs ago
    • Reported - view

    Found this ticket, digging into it right now: 

    https://github.com/nextdns/nextdns/issues/97

      • R_P_M
      • 2 yrs ago
      • Reported - view

      Axel Demain You don’t issue the command “nextdns activate” if you are using dnsmasq. 

      You just need “nextdns start” to have it running. 

      Also “auto activate” needs to be false in the nextdns config. 

      • Axel_Demain
      • 2 yrs ago
      • Reported - view

      R P M thank you !! OK I get it

    • Axel_Demain
    • 2 yrs ago
    • Reported - view

    I made it work for a while: dnsmasq was properly resolving local lookups and forwarding to nextdns on port 5555. Even my.nextdns.io was showing "You are using nextdns".

    But this is unstable: I connected to a distant VPN for a while. When I logged out, I could not resolv external lookups (internal lookups were still working fine).  

    sh-3.2# telnet localhost 53
Trying ::1...
Connected to localhost.
Escape character is '^]'.

     

    sh-3.2# telnet localhost 5555
Trying ::1...
Connected to localhost.
Escape character is '^]'.

     

    sh-3.2# nslookup hello.test
Server:        127.0.0.1
Address:    127.0.0.1#53  Name:    hello.test
Address: 127.0.0.1

     

    sh-3.2# nslookup google.com
Server:        127.0.0.1
Address:    127.0.0.1#53  ** server can't find google.com: REFUSED

    A nextdns restart did not fix.

    Any help would be appreciated. 

    Thanks

      • R_P_M
      • 2 yrs ago
      • Reported - view

      Axel Demain How strange. Did you also try restarting dnsmasq?

      • Axel_Demain
      • 2 yrs ago
      • Reported - view

      R P M yes I tried and strangely enough, dig works: 

       

      ➜  ~ dig @127.0.0.1 google.com -p 53  ; <<>> DiG 9.10.6 <<>> @127.0.0.1 google.com -p 53
;; Got answer:
google.com.        180    IN    A    142.250.178.142  ;; Query time: 2 msec

       

      ➜ ~ dig @127.0.0.1 google.com -p 5555
;; Got answer:
google.com. 5 IN A 142.250.201.174
      • Axel_Demain
      • 2 yrs ago
      • Reported - view

      Axel Demain actually the symptom is the following but it doesn't really make sense: 

      whenever I set 127.0.0.1 (as unique DNS) in my WLAN network DNS settings, nslookup stops working and I can't resolve anything (nothing accessible with browser). 

      But when I remove this DNS setting, I can resolve and most of all, nslookup google.com 127.0.0.1 works.

      Dig @127.0.0.1 works with or without the DNS network setting. 

      I might be tired, something I'm missing probably.

      • Axel_Demain
      • 2 yrs ago
      • Reported - view

      Axel Demain well clearly something is not working with the forwarding between dnsmasq and nextdns whenever I disconnect from VPN. A dig on port 5555 does resolve but not on port 53. 

      • R_P_M
      • 2 yrs ago
      • Reported - view

      Axel Demain OK, so something going on with VPN.

      How are you connecting to this VPN? Do you know the type?

      Also check the file “/etc/resolv.conf” before and after using the VPN. (I’m fairly certain that is there on macOS but not sure with 11+)

      • Axel_Demain
      • 2 yrs ago
      • Reported - view

      R P M thanks, I'm using Surfshark. I did more testing today. 

      When booting my laptop, everything is fine. When disconnecting from VPN, I cannot resolve anything. If I query  

      dig @127.0.0.1 google.com -p 5555

       then NextDNS will resolve fine but 

      dig @127.0.0.1 google.com -p 53

      will not resolve. 

      I tried to understand why, I checked resolv.conf but nothing there. I tried to down and up my network interface, no luck. When I reboot, everything works fine again. 

      Surfshark seems to be using Wireguard. However, when I connect and disconnect from my own home VPN (IPSEC), I have no problem. So Surfshark is clearly doing something. 

      • Axel_Demain
      • 2 yrs ago
      • Reported - view

      EDIT : rebooting dnsmasq does the trick. I'll have to check what Surfshark is doing with dnsmasq

    • Jason_Hollis
    • 1 yr ago
    • Reported - view

    If you are leveraging the VPN from your Mac you might want to check out Viscosity.  You can configure it to reset the network when you close you VPN and I suspect that will sort you out.

Login to reply

Content aside

  • 1 yr agoLast active
  • 13Replies
  • 1337Views
  • 3 Following