
NextDNS CLI - Asus AX86U

I managed to install NextDNS CLI on my Asus AX86U and it's working fine so far. I have a few questions about it though.

1. Is it necessary to set something under "WAN - Internet connection" -> "WAN DNS settings" or just leave it blank?

2. Is it necessary to set something under "LAN - DNS Director" or just leave it blank?

3. Is there any information or help anywhere about what you can write under "/jffs/nextdns/nextdns.conf" and "/jffs/scripts/dnsmasq.postconf" to ensure security and performance?

4. Unfortunately I'm not a professional and don't really understand what is described on GitHub for recognizing clients. Do I have to create a configuration like this for each device or can it be automated?

14 replies

    • tnpapa.1
    • 3 mths ago

    Nothing to set or add. I am running the same router. Just install the CLI and you are all done; all your devices will now go through the router to NextDNS. You only need profiles on your devices if you want to stay on NextDNS when you are not home.

    • NextDNSFreak
    • 3 mths ago

    Thank you for your helpful answer. Unfortunately, the devices are not displayed on NextDNS.io when NextDNS CLI is running. But if I run the APK on the mentioned device, they do. I have tested it on a Fire TV Stick.

    Ultimately, it should run for all devices with their own identifier via NextDNS CLI in the router. I have an annual account with NextDNS.io.

    What also makes me wonder about the installation is:
    Make NextDNS CLI cache responses. This improves latency and reduces the amount of queries sent to NextDNS.
    Note that enabling this feature will disable dnsmasq for DNS to avoid double
    caching.

    Isn't dnsmasq important for the identification of individual devices?

    Translated with DeepL.com (free version)

      • tnpapa.1
      • 3 mths ago

      Did you remove all DNS settings in the LAN and WAN sections? If not, you are overriding the CLI. The CLI takes over for dnsmasq. You also have to set the profiles on your devices to NOT be active when on your home network, or they will bypass the router DNS.
      Let the CLI do its job.

      Screenshots showing the settings attached.

      • Anders_Eriksson
      • 2 mths ago

      Does NextDNS support DoT now?

      • tnpapa.1
      • 1 mth ago

      The CLI is DoH. If you set up manually instead, the DoT servers are listed on your NextDNS setup page and you can put those in your router.

    • NextDNSFreak
    • 3 mths ago

    All right, I've understood it so far. Simply install and do not make any further settings in the WebGUI.

    However, I would like to create a separate identifier for all devices in the home network. As described at https://github.com/nextdns/nextdns/wiki/Conditional-Profile. But I'm still stuck there. A separate config for each device or is a file where all devices are listed individually sufficient?

    Translated with DeepL.com (free version)

    • tnpapa.1
    • 3 mths ago

    You do not need any NextDNS software or profiles on your devices. The CLI will get the device names directly from the AX86U. As long as you have assigned names to them in the router, NextDNS will pick that up. The only devices you might want to put a NextDNS profile on are any devices you take outside of your home. Then you need the profile so they use NextDNS when on someone else's network or cellular.

    • tnpapa.1
    • 3 mths ago

    • NextDNSFreak
    • 3 mths ago

    Ok, I was able to find the problem. My VPN provider Mullvad blocks port 53 and if the device is not running over VPN then NextDNS CLI recognises it too. No matter what I try to change in any config, port 53 doesn't seem to change. So this constellation is unusable for me and I have to install the APP on every device within my network. Which is a pity.

    • tnpapa.1
    • 3 mths ago

    You run a VPN on your router or on the devices?  If you run a VPN on either,  then NextDNS will be of no use to you, as you will be using the DNS servers of your VPN service.

    • NextDNSFreak
    • 3 mths ago

    I use VPN on the router, not on the devices. NextDNS also runs as an app on the devices themselves, but you would always have to check whether NextDNS was also started after the restart - which is usually not the case. That's why I came up with the idea of installing NextDNS CLI, which can then handle this task at the router level.

    And if the ‘listen port 53’ in NextDNS CLI is ‘hardcoded’, does that do me no good, or can I change that somehow?

    • tnpapa.1
    • 3 mths ago

    It's one or the other. You can't run both. The whole idea of a VPN is to mask your IP from your ISP, your DNS and the site you go to.

    • NextDNSFreak
    • 3 mths ago

    The AX86U distributes the VPN to the devices. But when I see what NextDNS blocks and Mullvad doesn't, I find the combination Mullvad/NextDNS really strong.

    • NextDNSFreak
    • 3 wk ago

    I have now managed to do this. But now I see some of my clients twice under “nextdns.io/statistics”. These are the smartphones that are protected under “Settings - Private DNS”. In the home network in the WLAN, nextdns cli is running and this is causing the duplicate entries.

     

    Is there any way to solve this in the config under “/jffs/nextdns/nextdns.conf”? I have already tried it with

    clients:
       - 192.168.*.*
       - 192.168.*.*
    

    , but it remains the same.
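
Added example, not part of the thread and not NextDNS code: a Python sketch of how the per-client rules from the Conditional-Profile wiki page linked above can live in one config file as repeated `profile` entries, and which profile a given client would then get. It assumes `nextdns.conf` holds one `key value` pair per line and that the first matching rule wins; the profile IDs, subnet and MAC address are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample in the "key value" line format assumed for
# /jffs/nextdns/nextdns.conf; profile IDs, subnet and MAC are placeholders.
SAMPLE_CONF = """\
# constructed example, not a real configuration
listen localhost:53
report-client-info true
profile 192.168.50.0/24=aaaaaa
profile 00:1c:42:2e:60:4a=bbbbbb
profile cccccc
"""

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)


def parse_profiles(conf_text):
    """Return (condition, profile_id) rules in file order; condition None = default."""
    rules = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key != "profile":
            continue
        cond, sep, pid = value.strip().rpartition("=")
        rules.append((cond if sep else None, pid))
    return rules


def match_profile(rules, ip, mac=None):
    """Pick the profile for a client; first matching rule wins (assumption)."""
    addr = ipaddress.ip_address(ip)
    default = None
    for cond, pid in rules:
        if cond is None:
            default = default or pid          # unconditional fallback profile
        elif MAC_RE.match(cond):
            if mac and mac.lower() == cond.lower():
                return pid                    # rule keyed on the client's MAC
        elif addr in ipaddress.ip_network(cond, strict=False):
            return pid                        # rule keyed on a subnet (CIDR)
    return default
```

Because the subnet rule is listed first here, a client inside that subnet gets the subnet's profile even if its MAC also has a rule, so more specific rules belong above broader ones under the first-match assumption.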
