NextDNS CLI - Listen only on specific IP address?
I am running NextDNS CLI on a Cloud hosted Debian Server. I am also running a StrongSwan iKEv2 VPN server on the same machine.
My current IP addresses on the server machine:
Public IPv4 (xxx.yyy.zzz.aaa)
Public IPv6 (aaa.bbb.ccc.x........)
Private IPv4 (10.1.1.254)
The default installation of NextDNS CLI is installed and it is listening on all IP addresses. Meaning that all my IP addresses (including my Public IP address) is listening as a DNS server.
What changes do I make to my nextdns.conf so that it acts as a DNS listener only on a specific IP address (mainly only on internal private IP address like 10.1.1.254)
My current nextdns.conf looks like below
auto-activate true
bogus-priv true
cache-max-age 0s
cache-size 10MB
config ca2f5e
control /var/run/nextdns.sock
detect-captive-portals false
discovery-dns
hardened-privacy false
listen localhost:53
log-queries false
max-inflight-requests 256
max-ttl 5s
mdns all
report-client-info true
setup-router true
timeout 5s
use-hosts true
What I would like is that my Debian Server should only respond to DNS requests that arrive on IP address 10.1.1.254 only. I do not want my server to become a DNS server on the public IP address, only on my specific private IP.
Help please...
7 replies
-
setup-router: false listen: 10.1.1.254:53
-
Essentially, what I am trying to do is stop advertising my server as a public DNS server.
When my VPN clients connect to this server, I assign them addresses like 10.1.1.2, 10.1.1.3, and so on.... and I provide the clients a DNS address of 10.1.1.254.
Since, the 10.1.1.254 private address is only available to my VPN clients, I am effectively preventing any 'unknown clients' trying to access my DNS server.
The above was working fine with AdGuard Home (and I used the same 10.1.1.254 address). I was running AdGuard Home with DNS binding on 10.1.1254.
I then decided to switch to NextDNS. Uninstalled AdGuard, installed NextDNS CLI.
Everything works fine, if I use
setup-router true listen: localhost:53
but VPN clients cannot resolve anything if I use what you suggested...
setup-router: false listen: 10.1.1.254:53
-
@NextDNS
I think I figured out, it was a typo !!!
I was using listen: 10.1.1.254:53 instead of the correct notation
listen 10.1.1.254:53
Dumb of me, really !
Thanks for your help...
Is there any help/ document/ guide/ forum link that explains each of the nextdns.conf settings in detail?
I have seen the GitHub wiki, but it does not explain all the config parameters..
Content aside
- 1 yr agoLast active
- 7Replies
- 1090Views
-
3
Following