DNS rewrites not working

Hi there,

I want to use NextDNS in my future setup. Right now I have some instances which are hosted at my home server and are accessible from outside. However, if I'm connected with my home network I obviously want that the connection is not routed via external (public IP) and rather routed within the local network.

To achieve this, I want to use the DNS rewrite feature of NextDNS so that a specific record (let's say for e.g. cloud.mydomain.com) is redirect to instead of 85.xx.xx.xx (enter random public IPv4 address here).

Unfortunately, this seems not to work right now for me. I have set multiple records which are pointing to the internal IP address for e.g. for cloud.mydomain.com, news.mydomain.com, lib.mydomain.com and so on. The result is always the same: NextDNS does not show the IP address. The result is always empty (the DNS requests are routed over my home router and my router is asking NextDNS via DNS-over-TLS).

When I'm configuring a client in my network to directly talk to the NextDNS servers (over IPv4 or v6), I'm getting the public IP address for that instance instead. In the logs I can see the DNS requests coming from my network and NextDNS seems to answer them (at least that's what the logs are saying. Unfortunately I can't see what exactly NextDNS is returning as a result).

What am I missing here?

Thanks in advance

6replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • "Unfortunately I can't see what exactly NextDNS is returning as a result"

    https://dns.nextdns.io/YourID?name=domain&type=A or AAAA


      • Paul
      • Paul.2
      • 1 yr ago
      • Reported - view

      losnad Thanks, this was really helpful! These links indeed are reporting the public IP adresses instead of the private ones.

      Most of the records that I want to rewrite, are CNAMEs which are pointing to a different subdomain. Although I've also added the target subdomain to the NextDNS rewrite rules, it didn't worked. With disabled CNAME-Flattening (which was just a wild guess) the domains are now resolved with the correct IP adresses (private ones). However, this only works if I use the DNS servers from NextDNS directly in my OSes. It doesn't work when I'm using my router as a forwarder (= my clients are normally sending DNS requests to my router and my router forwards them to NextDNS).

      When using my router as my primary DNS resolver for my clients, I can see the DNS queries within the NextDNS logs, but the results for the rewritten rules are still empty. It seems like my router is discarding them as "non reliable" or something. It's a FritzBox router from the manufacturer AVM. Can anbody tell me what I have to do so that the router also resolves the "correct" IP addresses?

  • Have you tried a single root domain rewrite (eg, mydomain.com) to

  • I fixed the issue! Thank you for your help!

    I have to list all the records that are going to be rewritten by NextDNS in my FritzBox "DNS rebind protection" list. This list ensures, that an answer which comes from a DNS resolver outside of my local network and is pointing to a IP address in my local network is being discarded. After listing all the subdomains in the DNS rebing protection list, the result as exactly as it should be.

    Like 1
      • Nenad
      • Nenad
      • 10 mths ago
      • Reported - view

      Paul I just created an account to thank you for this! I had the exact same issue and your tip helped me fix it.

  • @Paul Thanks for the hint.

    I use Portmaster and a FritzBox.
    You need to disable  the 'Enforce Global/Private Split-View'-Option in Portmaster as well to get a working 'rewrite':

Like1 Follow
  • 6 mths agoLast active
  • 6Replies
  • 652Views
  • 4 Following