0

Setting up NextDNS on Ubuntu in resolved.conf doesn't work with VPNs DNS

Greetings,

I followed the recommended setup guide for Linux, which is overriding the /etc/systemd/resolved.conf file with what's provided in NextDNS web UI; however, when this is setup, private ips that are only known on VPNs are no longer resolved, written in a simpler way, setting up NextDNS does not allow VPNs to use their own DNS servers and resolve properly.

This might not be a bug with NextDNS itself (feel free to move it if that's not the case) but I feel that being given that configuration as Recommended, and breaking other things is not what I would call expected behavior.

Let me know if anybody else has faced a similar behavior and know a fix.

4 replies

null
    • Lifetech_Solutions
    • 1 yr ago
    • Reported - view

    NextDNS has been a beat down. I started this a week ago and NOTHING matches what they have documented. The CLI instructions are cryptic and if you ask a question you get a condecending answer thatas more crypted from a dev. Its not worth it. I can kiss that money goodbye

    • Application & Systems Administrator
    • Arie
    • 1 yr ago
    • Reported - view

    Mine resolved.conf looks like this:

    DNS=45.90.28.0#<nextden-id>.dns1.nextdns.io
    #DNS=2a07:a8c0::#<nextden-id>..dns1.nextdns.io
    DNS=45.90.30.0#<nextden-id>..dns2.nextdns.io
    #DNS=2a07:a8c1::#<nextden-id>..dns2.nextdns.io
    DNSOverTLS=yes

    Not using ipv6 here, if you do you should enable them to.

    restart the service after changing the file.

    Some (DOH) DNS services are blocked on VPN services.

    sc6,,

    • Storm
    • 1 yr ago
    • Reported - view

    Thanks for the responses so far.

    What I've found after further investigation is that the issue lies mainly within the network-manager-openvpn plugin, which doesn't implement a lot of openvpn client features.

    Another reason for VPN DNS not working is setting the following configuration:
    DNSOverTLS=yes

    Because the VPN DNS does not rely on DoT protocol, the system won't use it at all due to that config.

    Instead I'm setting the config as:
    DNSOverTLS=opportunistic

    This allow's non DoT servers to work as well, the only drawback being NextDNS page does not recognize the device as "This device is using NextDNS with this profile.", even if the logs are showing up.

    Will keep testing but the configuration as opportunistic works better for me.

    • Noe
    • 10 mths ago
    • Reported - view

    I have the same problem, but setting the config with DNSOverTLS=opportunistic don't works for me. We need a solution...

    I use Debian 12.

Content aside

  • 10 mths agoLast active
  • 4Replies
  • 1243Views
  • 4 Following