NextDNS CLI - Listen only on specific IP address?
I am running NextDNS CLI on a cloud-hosted Debian server. I am also running a StrongSwan IKEv2 VPN server on the same machine.
My current IP addresses on the server machine:
Public IPv4 (xxx.yyy.zzz.aaa)
Public IPv6 (aaa.bbb.ccc.x........)
Private IPv4 (10.1.1.254)
The default installation of NextDNS CLI is installed and it is listening on all IP addresses, meaning that all my IP addresses (including my public IP address) are listening as a DNS server.
What changes do I make to my nextdns.conf so that it acts as a DNS listener only on a specific IP address (mainly only on an internal private IP address like 10.1.1.254)?
My current nextdns.conf looks like below:
auto-activate true
bogus-priv true
cache-max-age 0s
cache-size 10MB
config ca2f5e
control /var/run/nextdns.sock
detect-captive-portals false
discovery-dns
hardened-privacy false
listen localhost:53
log-queries false
max-inflight-requests 256
max-ttl 5s
mdns all
report-client-info true
setup-router true
timeout 5s
use-hosts true
What I would like is that my Debian Server should only respond to DNS requests that arrive on IP address 10.1.1.254 only. I do not want my server to become a DNS server on the public IP address, only on my specific private IP.
Essentially, what I am trying to do is stop advertising my server as a public DNS server.
When my VPN clients connect to this server, I assign them addresses like 10.1.1.2, 10.1.1.3, and so on, and I provide the clients a DNS address of 10.1.1.254.
Since the 10.1.1.254 private address is only available to my VPN clients, I am effectively preventing any 'unknown clients' trying to access my DNS server.
The above was working fine with AdGuard Home (and I used the same 10.1.1.254 address). I was running AdGuard Home with DNS binding on 10.1.1.254.
I then decided to switch to NextDNS. Uninstalled AdGuard, installed NextDNS CLI.
Everything works fine if I use
setup-router true
listen: localhost:53
but VPN clients cannot resolve anything if I use what you suggested...
setup-router: false
listen: 10.1.1.254:53
I think I figured it out, it was a typo!!!
I was using listen: 10.1.1.254:53 instead of the correct notation
Dumb of me, really!
Thanks for your help...
Is there any help/document/guide/forum link that explains each of the nextdns.conf settings in detail?
I have seen the GitHub wiki, but it does not explain all the config parameters.
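
One way to confirm the goal discussed in this thread (a DNS listener reachable only on 10.1.1.254, not on the public addresses) is to audit the listening sockets after changing the config. The script below is an added example, not part of the original posts or the NextDNS project; the function name `exposed_dns_listeners` and the sample socket lines are constructed, and the input is assumed to be in the column layout printed by `ss -H -lntu`.

```shell
#!/bin/sh
# Report port-53 listeners bound to anything other than loopback or an
# explicitly allowed address. Reads `ss -H -lntu` style lines on stdin.
# $1 is a space-separated list of allowed local addresses (hypothetical helper).
exposed_dns_listeners() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        laddr = $5                          # "Local Address:Port" column
        port = laddr; sub(/.*:/, "", port)  # text after the last colon
        if (port != "53") next
        addr = laddr; sub(/:[^:]*$/, "", addr)
        gsub(/^\[|\]$/, "", addr)           # strip IPv6 brackets
        sub(/%.*/, "", addr)                # strip interface scope, e.g. %lo
        # Loopback and allowed addresses are fine; wildcards (0.0.0.0, ::, *)
        # and any other address are reported as exposed.
        if (addr ~ /^127\./ || addr == "::1" || (addr in ok)) next
        print $1, laddr
    }'
}

# Constructed sample: listener bound to all addresses (the default described above).
SAMPLE_BEFORE='udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:53 0.0.0.0:*
udp UNCONN 0 0 [::]:53 [::]:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: listener bound only to the VPN-side private address.
SAMPLE_AFTER='udp UNCONN 0 0 10.1.1.254:53 0.0.0.0:*
tcp LISTEN 0 4096 10.1.1.254:53 0.0.0.0:*
udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:500 0.0.0.0:*'

echo "Exposed listeners (before):"
printf '%s\n' "$SAMPLE_BEFORE" | exposed_dns_listeners "10.1.1.254"
echo "Exposed listeners (after):"
printf '%s\n' "$SAMPLE_AFTER" | exposed_dns_listeners "10.1.1.254"

# On the server itself, feed it live data instead of the samples:
#   ss -H -lntu | exposed_dns_listeners "10.1.1.254"
```

An empty result means every port-53 socket is bound to loopback or to the allowed address. The check covers socket bindings only, so firewall rules on the public interface are a separate layer.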