unencrypted IP

Hello 

I am in an odd situation where I have a local NextDNS setup on a Raspberry Pi. Everything is working fine, except when I change my gateway (public IP x.x.x.x) DNS to 45.90.28.44, 45.90.30.44 on the firewall: in the logs, public IP x.x.x.x shows as unencrypted. The minute I change the DNS to something else, for example 8.8.8.8, everything goes back to normal. Any idea?

I am using a Ubiquiti UXG-Pro.

9 replies

    • R_P_M
    • 1 yr ago

    Your router should have its DNS set to the local IP of the RPi.

      • Kurdtech
      • 1 yr ago

      R P M you are referring to the WAN interface, right? Not LAN DHCP/DNS?

      • R_P_M
      • 1 yr ago

      demo No, don’t set anything for the WAN side, leave as default, don’t use NextDNS IPs either unless you want to see lots of unencrypted unidentified lookups from your router.  

    • Kurdtech
    • 1 yr ago

    At some point all traffic passes through the WAN interface, where ISP DNS dominates (my goal was to eliminate that on the WAN side), despite all local DNS being forwarded to NextDNS. Well, I think since the logs show everything as encrypted, I am fine with that. Thank you RPM.


    One last question, unrelated to the subject:

    • Does NextDNS offer conditional forwarding?
    • How do I enable the local DNS resolver? Most names show as Device#123.
      • R_P_M
      • 1 yr ago

      demo NextDNS CLI has some conditional forwarding, it may not be exactly what you are trying to do.

      For device names you have to add their local IP address and “friendly” name to the host file on the device running NextDNS CLI. 

      • Kurdtech
      • 1 yr ago

      R P M Thank you for the reply. Are you referring to the native /etc/hosts file?

      • R_P_M
      • 1 yr ago

      demo The /etc/hosts file has to be on the device running NextDNS. If it’s not possible to edit on that device then you might be stuck with the current log names. 

    • Kurdtech
    • 1 yr ago

    Thank you RPM, yes, NextDNS is running on the Pi, where I can modify /etc/hosts.

    Also, what is your optimized configuration in /etc/nextdns.conf?

    This is my current one:

    timeout 5s
    listen :53
    max-ttl 5s
    report-client-info true
    hardened-privacy false
    use-hosts true
    cache-size 10MB
    discovery-dns  172.10.1.1
    detect-captive-portals false
    auto-activate true
    max-inflight-requests 256
    setup-router true
    control /var/run/nextdns.sock
    log-queries false
    mdns all
    bogus-priv true
    config xxxxx
    cache-max-age 0s

      • R_P_M
      • 1 yr ago

      demo Hi again, yes, most of those are fine for the config. I only have a longer max-ttl, something like a few minutes (not sure of the exact value, as the device with the CLI is not used every day). It is just to boost the cache, so hopefully slightly fewer requests (free user currently).
