Clients on the LAN cannot resolve DNS queries via the NextDNS daemon running on the router; although the router itself resolves DNS ok

• NextDNS daemon: Running and listening on 127.0.0.1:53 only when started manually; system service fails to bind properly on startup.

• dnsmasq: Configured to forward DNS queries to 127.0.0.1 and listen on LAN interface (eth1 or equivalent).

• Router resolv.conf: Set to nameserver 127.0.0.1.

• Port 53 status: Occupied by nextdns only when manually launched; no listener when running as service.

• Systemd-resolved: Not interfering (disabled or not present).

• DNS test results:

  • dig google.com @127.0.0.1 works from router when daemon manually started.

  • nslookup google.com <router LAN IP> fails from clients.

nextdns version 1.46.0
EdgeRouter X 5-Port, Version:      v2.0.9-hotfix.6

I was able to get this working using dns forward service set to static IPs for NextDNS but wanitng to encyrpt dns queries.

Please help its driving me nuts :)