0

Unifi CLI app stopped working - out of ideas, please help!

I'm using the CLI app on a unifi USG-3P router.  The app installs fine and appears to be running.  Nothing interesting in the CLI app logs.  However all of my clients are getting DNS addresses for both NextDNS and Cloudflare. 

Here is a result of a DNS leak test from a client.  The client has DNS set to point at the router.

In the router, all DNS settings are set to auto.  I've tried downgrading the CLI app version to 1.39.4, but got the same results. 

This has worked for me perfectly for years.  I made some changes recently (upgraded the CLI app, added a new VLAN, added profiles to the NextDNS CLI app), and that's when the issues started.  I tried rolling back those changes, but I'm still having the same issues.  To stop this issue, I can directly set the DNS IP for the network in the router, but then I lose the functionality of the CLI app (device identification, DOH).  Please help!

 

Results of `nextdns log`:

Dec  6 08:36:41 ubnt nextdns[11895]: Starting NextDNS 1.41.0/linux on 127.0.0.1:5342
Dec  6 08:36:41 ubnt nextdns[11895]: Starting mDNS discovery
Dec  6 08:36:41 ubnt nextdns[11895]: Listening on TCP/127.0.0.1:5342
Dec  6 08:36:41 ubnt nextdns[11895]: Listening on UDP/127.0.0.1:5342
Dec  6 08:36:46 ubnt nextdns[11895]: Setting up edgeos router
Dec  6 08:36:51 ubnt nextdns[11895]: Connected 45.90.28.0:443 (con=28ms tls=1490ms, TCP, TLS13)
Dec  6 08:36:52 ubnt nextdns[11895]: Connected 207.246.91.188:443 (con=42ms tls=499ms, TCP, TLS13)
Dec 6 08:36:52 ubnt nextdns[11895]: Switching endpoint: https://dns.nextdns.io#207.246.91.188,162.220.223.23,2001:19f0:5:663d:5400:2ff:fece:2f14,2a00:11c0:46:4::5

When I run `curl -L https://test.nextdns.io` from the router (multiple times), I get different results. Presumably caused by connecting to a different DNS server?

user@ubnt:~$ curl -L https://test.nextdns.io
{
        "status": "unconfigured",
        "resolver": "108.162.218.47",
        "ecs": "71.185.48.0/24/0",
        "srcIP": "71.185.63.548",
        "server": "anexia-ewr-1"
}
user@ubnt:~$ curl -L https://test.nextdns.io
{
        "status": "ok",
        "protocol": "DOH",
        "profile": "REDACTED",
        "client": "71.185.63.548",
        "srcIP": "71.185.63.548",
        "destIP": "207.246.91.188",
        "anycast": false,
        "server": "vultr-ewr-1",
        "clientName": "nextdns-cli",
        "deviceName": "ubnt",
        "deviceID": "REDACTED",
        "deviceIP": "127.0.0.1"
}

user@ubnt:~$ sudo nextdns config
use-hosts true
timeout 5s
discovery-dns
cache-max-age 0s
detect-captive-portals false
hardened-privacy false
control /var/run/nextdns.sock
cache-size 0
log-queries false
mdns all
max-inflight-requests 256
setup-router true
debug false
listen localhost:53
report-client-info true
bogus-priv true
auto-activate false
profile [REDACTED]
max-ttl 0s

3 replies

null
    • Randy.2
    • 4 mths ago
    • Reported - view

    Interestingly, if I stop the nextdns cli service, then I immediately get different results from the DNS leak test.  These are the results I'd expect from my ISP (Verizon).  It seems like the CLI app is the one sending queries to cloudflare. 

    • Randy.2
    • 4 mths ago
    • Reported - view

    Well, I figured out my issues.  When installing the CLI app I disabled cache.  When I enabled cache, it immediately started working as expected.  I wonder if this is a bug. 

      • R_P_M
      • 4 mths ago
      • Reported - view

      So every value other than 0 for cache size makes it work correctly? 

Login to reply

Content aside

  • 4 mths agoLast active
  • 3Replies
  • 140Views
  • 2 Following