0

Device names not showing in NextDNS dashboard with ASUS Merlin + CLI (setup-router=false)

Hello,

I’m running NextDNS CLI on an ASUS RT-AX86U (Merlin firmware) and trying to achieve proper device name visibility in the NextDNS dashboard without breaking my current DNS architecture.

Goal:

  • See all LAN devices under a single profile
  • With real device names (hostnames)
  • Instead of IPs or generic Device #xxxx

Current architecture:

Clients → dnsmasq (router) → NextDNS CLI (127.0.0.1:5555) → NextDNS (DoH)

  • dnsmasq is actively used (local overrides, ad-blocking, etc.)
  • upstream configuration:
    server=127.0.0.1#5555
  • no-resolv
  • add-mac
  • add-subnet=32,128
  • NextDNS CLI config:

 

setup-router false

listen 127.0.0.1:5555

report-client-info true

use-hosts true

profile <id>

Observed behavior:

  • DNS resolution works correctly
  • Client IPs are correctly visible in query logs
  • However, in the dashboard devices appear as Device #xxxx

Important finding:

When setup-router=true is enabled, device names are correctly detected.

However, this mode:

  • modifies router DNS behavior
  • interferes with my existing dnsmasq-based setup (especially local overrides / Diversion)

So I must keep setup-router=false.

Expectation:

In setup-router=false mode, I would expect at least one of the following:

  • dnsmasq hostnames being forwarded to NextDNS
  • DHCP lease / hosts-based names reflected in dashboard
  • or a documented/recommended way to achieve this behavior

Additional notes:

  • CLI -config <IP>=<name> mapping was tested → no consistent result
  • MAC-based profile mapping works, but not suitable for my use case (I want a single profile)

Conclusion:

Without router mode, I cannot get device names in the dashboard.
With CLI in setup-router=false, names are not shown.

What is the recommended architecture for this use case?

Thanks in advance 🙏

2 replies

null
    • mkaand
    • 4 days ago
    • Reported - view

    Update – dnsmasq + NextDNS CLI hostname issue

    Quick update after further testing. I am not restating the full setup, only what was tested and observed.

    Current setup (unchanged)

    • ASUS Merlin router
    • dnsmasq is actively used (DHCP + local overrides)
    • NextDNS CLI runs on 127.0.0.1:5555
    • dnsmasq forwards to:
      server=127.0.0.1#5555
    • Key options: add-mac add-subnet=32,128 report-client-info=true discovery-dns=192.168.50.1

    What is confirmed working

    • Client IPs are correctly visible in NextDNS logs
      (192.168.50.x is preserved)
    • Local PTR resolution works via dnsmasq:
      nslookup 192.168.50.112 127.0.0.1→ correct hostname returned

    This confirms:

    • DHCP leases are correct
    • dnsmasq hostname resolution is working

    The issue

    NextDNS still shows devices as:

    Device #XXXX instead of hostnames.

    So:

    • IP is known
    • PTR works locally
    • but hostname is not used by NextDNS

    Tests performed

    1. discovery-dns

    • Tested with:
      • 127.0.0.1
      • 192.168.50.1
      • with and without :53
    • No change

    2. dnsmasq validation

    Confirmed active config:
    no-resolv server=127.0.0.1#5555 add-mac add-subnet=32,128
    dnsmasq forwarding is correct.

    3. Diversion / Skynet

    • Fully disabled (no iptables hooks, no dnsmasq modifications)

    No change.

    4. mDNS

    • Tested both enabled and disabled

    No change.

    5. hardened-privacy

    • Tested true / false

    No effect.

    6. detect-captive-portals

    • Enabled / disabled

    No effect.

    7. setup-router=true (important observation)
    When enabling:
    setup-router=true
    Device names appear correctly.

    However:

    • It overrides router DNS behavior
    • Breaks dnsmasq-based setup

    So it is not usable in this architecture.

    Key observation

    dnsmasq can resolve:
    IP → hostname (PTR)
    But NextDNS CLI does not seem to use that information, even with:
    discovery-dns<br>report-client-info=true<br>

    Question

    In a dnsmasq-forwarded setup (setup-router=false):

    How is NextDNS expected to obtain hostnames for local clients?

    Is PTR lookup for private IP ranges (192.168.x.x) supported or intentionally skipped?

    Goal

    Keep:

    • dnsmasq as primary resolver (for local overrides)

    While:

    • using NextDNS as upstream
    • and still getting proper device hostnames

    Any clarification or working example with this setup would be appreciated.

    • mkaand
    • 3 days ago
    • Reported - view

    Solved with help of ChatGPT.

    🎯 Goal

    Make all of these work together:

    • dnsmasq (primary resolver)
    • Diversion
    • Skynet
    • custom DNS overrides
    • NextDNS (DoH + logs)
    • device names in NextDNS (NOT Device #XXX)

    ❌ Problem

    When enabling:

     

    nextdns run -setup-router

    NextDNS rewrites:

     

    /jffs/scripts/dnsmasq.postconf

    and injects:

     

    exit 0

    This breaks:

    • custom address rules
    • Diversion
    • ipset logic

    🧠 Root Cause

    NextDNS keeps original script after:

     

    ## NextDNS END

    BUT:

     

    exit 0

    stops execution.

    ✅ Solution

    1. Enable router mode

     

    /jffs/nextdns/nextdns.init

    Change:

     

    cmd="$exe run"

    to:

     

    cmd="$exe run -setup-router"

    2. Use init (NOT manual run)

     

    /jffs/scripts/services-start

    should contain:

     

    /jffs/nextdns/nextdns.init start

    3. Create patch script

     

    /jffs/scripts/patch_nextdns_dnsmasq_postconf.sh

    #!/bin/sh

    POSTCONF="/jffs/scripts/dnsmasq.postconf"

    [ -f "$POSTCONF" ] || exit 0

    awk '
    BEGIN { done=0 }
    /^[[:space:]]*exit 0[[:space:]]*$/ && done==0 {
    print " # exit 0 # disabled by local NextDNS patch"
    done=1
    next
    }
    { print }
    ' "$POSTCONF" > /tmp/dnsmasq.postconf.patched && mv /tmp/dnsmasq.postconf.patched "$POSTCONF"

    sed -i 's|^echo "server=127\.0\.0\.1#5555"|# disabled by patch: echo "server=127.0.0.1#5555"|' "$POSTCONF"
    sed -i 's|^echo "add-mac"|# disabled by patch: echo "add-mac"|' "$POSTCONF"
    sed -i 's|^echo "add-subnet=32,128"|# disabled by patch: echo "add-subnet=32,128"|' "$POSTCONF"

    chmod +x "$POSTCONF"

    4. Hook patch into init

    Add AFTER:

     

    $cmd &
    echo $! > "$pid_file"

    (
    sleep 10

    for i in 1 2 3 4 5; do
    if grep -q "Configuration generated by NextDNS" /jffs/scripts/dnsmasq.postconf 2>/dev/null; then
    break
    fi
    sleep 2
    done

    /jffs/scripts/patch_nextdns_dnsmasq_postconf.sh
    service restart_dnsmasq
    ) &

    🧪 Result

     

    server=127.0.0.1#5342
    add-mac
    add-subnet=32,128
    address=/your.domain/192.168.x.x
    conf-file=/opt/share/diversion/list/blockinglist.conf

    ✅ Outcome

    • ✔ Device names working
    • ✔ Diversion working
    • ✔ Skynet working
    • ✔ Custom overrides working
    • ✔ Survives reboot

    ⚠️ Note

    With add-mac:

    • NextDNS shows device names instead of IPs
    • This is expected behavior

    🏁 Summary

     

    NextDNS adds "exit 0" → breaks dnsmasq.postconf

    Fix:

     

    Patch that exit → restore original logic

    🤖 Credit

    Solved with ChatGPT through debugging and testing.

Login to reply

Content aside

  • 3 days agoLast active
  • 2Replies
  • 53Views
  • 1 Following