3

Why can't I use Linked IP with my configuration for my router?

I set up my Huawei router's DNS to NextDNS and changed DDNS to No-IP.com and configured it with NextDNS. But I'm still getting the message "This device is using NextDNS with another configuration". Anyone knows how to fix this?

24 replies

null
    • D00D
    • 2 yrs ago
    • Reported - view

    bump!

    I'm having same issue and pretty much the same setup. I am visiting wife's family overseas and decided to secure the network and improve performance. This is a new use case and I am really excited to use NEXTDNS - if it worked!

    They have Huawei router: HG8245H. 

    1) I've tried DDNS with NO-IP to no avail. The Huawei interface shows UP status in the Huawei config portal under DDNS settings and the IP is properly managed in NO-IP web portal when it changes.

    With that said..To me, everything checks out except NEXTDNS.

    2) I've also tried just the two NEXTGEN primary/secondary DNS entry settings the old school way with no luck. These are  the correct DNS servers after building the profile in the NEXTGEN portal.

    There is one tidbit that hopefully helps NEXTDNS support team resolve our issue is that within NEXTGEN portal where the linkedIP and noIP DDNS entry sync properly and allow me to register accordingly. All my tinkering around  I was making a ton of changes and noticed there was a lag time between router, noIP, and NEXTDNS synching new IPs on the NEXTDNS side of the house. Sometimes it wouldn't update at all indicating DNS cache. Since nothing was working at all, I deleted profiles and recreated using the new DNS entries and then updated the router with the new DNS IPs..still no go.

    All the other devices pointed directly at NEXTDNS work just fine when assigned locally on windows, macos, and android.  This is also when they are on the network via the Huawei connected behind the router because those devices have their own profile and are OK directly. However, I really would like the router level dns sinkhole stuff working for all unmanaged devices on the network  as that is the main objective and why I purchased the new NEXTDNS service. That and I don't want to run my own pihole..

     

    thank. you James. I am glad I stumbled into the post. 

     

    NEXTDNS support please advise?

      • R_P_M
      • 2 yrs ago
      • Reported - view

      Darth Maul Where in the Huawei router were you entering the DNS IP addresses? They need to be in the DHCP setup so that devices connecting to the router will automatically be using Nextdns. 

      • D00D
      • 2 yrs ago
      • Reported - view

      R P M 

      thank ya for the follow up. Huawei had nextDNS IP set in DHCP settings and can confirm endpoints are pulling the nextDNS IPs down for their local DNS host entries. still no luck

      this is a lack of understanding on my part. I just watched some crazy cat video of how complex DNS is which didn't make me feel any better.(A Cat Explains DNS - YouTube). 

      The Huawei shows the public IP on the modem interface. this  matches the IP in NO-IP DNS portal config with the huawei. I see the same IP auto update in nextDNS properly after a change is made.

      however when done so it states "This device is using NextDNS with no configuration. Make sure to link your IP address in the Linked IP section below.". If I hit link IP it goes greenlight. all good!

      If I manually hit the URL under advanced, the URL stringhttps[:]//link-ip.nextdns.io/##ABCD#####, it outputs same as my IP from google and for a moment refreshing repeatedly instead of the "device is using NEXT DNS with no config..etc" it will show 

      greenlit "All good! This device is using NextDNS with this configuration." and auto link itself. but I have to trigger it. Then shortly after auto reverts back to the IP matching NoIP and the router public interface IP. and "this device NEXT DNS with no config ..etc"

      with the same macOS endpoint and having the DUP client installed, it will update the no-ip portal with the same google IP match as desired. unlike the router config which updates noIP with the public IP on huawei interface

      by putting in something bogus like diff port 9999 on the router to down the interface, go to noIP portal and put a bogus IP, then bring the router interface port back to 80, the noIP portal updates with the public IP on the huawei interface.

      I'll give it another shot tomorrow night. thanks again

    • D00D
    • 2 yrs ago
    • Reported - view

    FWIW, I removed the noIP DDNS from the picture altogether

    Now both the linked IP updates along with the https://link-ip.nextdns.io/1a2b3c4d/e6f7g8 showing the google my IP they do match.


    I guess that narrows it down to just noIP not respecting the DDNS config on the router to some fashion, because when turned back on the DDNSon huawei. the router public IP is. sync'd to noIP which then syncs to nextDNS OK, but its not the my 'google ip' , but the IP on the router shown here for #2 under WAN info is the one that shows up and sync'd

    In either situation with or without dyndns it shows

    This device is using NextDNS with no configuration.Make sure to link your IP address in the Linked IP section below. , but without noIP dyndns i have the greenlit check and the proper IP matching my google IP. where as with dyndns both nextDNS and noIP have the public interface IP in screenshot, instead of the different googled "my ip"

     

    my next step is going to try the other ddns service. unfortunately my namecheap domain DDNS isn't supported by Huawei so I will try. another. duckdns doesnt show up in the Huawei drop down for DDNS either. i need to wait until EoD before I can test again with gnudip

      • R_P_M
      • 2 yrs ago
      • Reported - view

      Darth Maul Oops, you shouldn’t show your full update link. Can you edit the post to remove it?

      Oh, it seems like the Huawei is not quite right with no-ip. Running a no-ip client on another device might be a good option or just use the ip update link for nextdns regularly. 

      • D00D
      • 2 yrs ago
      • Reported - view

      R P M 

      i appreciate the help! it actually was a bogus string for the link a1, b2, c,3 d4 =O

    • robing01
    • 2 yrs ago
    • Reported - view

    Just curious, are you sure you're getting a public IP address instead of a CGN (carrier grade NAT) private IP address? if the later case is true, there's a chance that the IP address has already been binded by someone else sharing the same public IP.  Binding IP address is always the last resort becasue it can easily go wrong and terribly hard to diagnose. 

      • D00D
      • 2 yrs ago
      • Reported - view

      Nautilus 

      i was able to login with the telecomadmin account. It does show NAT enabled in my screenshot

      I'm going to guess if I set to static, it will break things without paying for a static IP (might have to go that route..there is no always on device in the house.). Same if. I tamper with NAT settings?

      The wifi on the huawei is bad..so today I just bought a newfi3 router and put openWRT on it.  I then disabled wifi on huawei and enabled wifi on the openWRT. DHCP still running on huawei without issues. This took a lot of googlefu to get it working on it, but was proud of myself. LOL

      I don't think my sister in law has any PPoE info from converge, but I will ask if that would help instead of DHCP. I thought of this last night, but disregarded the thought because didn't think it was possible with the Huawei being inline of the bridged openWRT via LANport. If the openWRT is just a dhcp client, I can configure DYNDNS on the openWRT and problem solved? Just like if I were to run a DUP on an endpoint. I will try that as well. fingers crossed for tonight on that approach. the openWRT webgui interface is intimidating

      • R_P_M
      • 2 yrs ago
      • Reported - view

      Darth Maul From that screenshot you posted it looks like it’s connecting to the internet via DHCP, this is not a good sign as it could well be CGNAT you are connected to, as @Nautilus suggested. 

      With OpenWRT you have the option to set up DNS-over-https or DNS-over-TLS on device which will bypass the CGNAT issues you could be experiencing. 

      • R_P_M
      • 2 yrs ago
      • Reported - view

      Here’s the setup page for NextDNS on openWRT. 
      https://github.com/nextdns/nextdns/wiki/OpenWRT

      Very simple for newer versions of OpenWRT, check further down the page. 

      • D00D
      • 2 yrs ago
      • Reported - view

      R P M 

       

      thank you for that. I wasted a lot of time on the noip stuff (I removed it altogether after having same issue with duckDNS).

      After running thru. the KB above. it installed successfully. here are screenshots. I've properly populated the config with ID. With DoH there is no need for dynamicDNS correct? because its making DNS queries over https from the openWRT to nextDNS ?

       

      In the NextDNS web portal it still shows:

      This device is using NextDNS with no configuration.

      Make sure you set the config ID below shown in the app settings

      Shouldn't that be greenlit / protected now?

      I should note that before I saw your reply this morning, I ran this set of uci commands (replacing the google IPs with my nextDNS ones).  I also tried replacing the uci command with the other line item

      uci set https-dns-proxy.dns.resolver_url="https://dns.nextdns.io/#####”

      I figured it is irrelevant because its http proxy, but I didn't remove. it

    • D00D
    • 2 yrs ago
    • Reported - view

    oop. too s low. to edit the reply. i removed that pkg https-dns-proxy and reran the nextdns command with c for config

      • D00D
      • 2 yrs ago
      • Reported - view

      ok after removing that pkg and rerunning the config, i looked at the log and have different results. here we go

      • D00D
      • 2 yrs ago
      • Reported - view

      root@OpenWrt:~# nextdns config

      bogus-priv true

      max-inflight-requests 256

      listen localhost:53

      report-client-info true

      discovery-dns

      config #####

      setup-router true

      auto-activate true

      control /var/run/nextdns.sock

      cache-size 10MB

      hardened-privacy false

      use-hosts true

      detect-captive-portals false

      timeout 5s

      log-queries true

      cache-max-age 0s

      max-ttl 5s

      mdns all

    • D00D
    • 2 yrs ago
    • Reported - view

    I wish I can can remove all my dumb comments. Although, this has been a great learning experience.

    I restored my openWRT to fresh, got it back on the network, opkg update and ran the steps in the article you provided. https://github.com/nextdns/nextdns/wiki/OpenWRT

    heres what I see in. log after going thru:

    Unfortunately. still s tates: This device is using NextDNS with no configuration.Make sure you set the configuration ID shown below in the app settings.

    confirmed in openWRT GUI under Services -> NextDNS is my config ID populated

    Within OpenWRT, I can curl the  programmatically update your linked IP by calling:

    https://link-ip.nextdns.io/###### successfully showing my ip, but not greenlit still =(

      • D00D
      • 2 yrs ago
      • Reported - view

      ongoing in log. no other entries

      Sat Jun 25 08:26:17 2022 daemon.notice nextdns[3673]: Connected 45.11.104.186:443 (con=39ms tls=71ms, TCP, TLS13)

      Sat Jun 25 08:27:52 2022 daemon.notice nextdns[3673]: Connected 45.11.104.186:443 (con=26ms tls=50ms, TCP, TLS13)

      Sat Jun 25 08:34:04 2022 daemon.notice nextdns[3673]: Connected 45.11.104.186:443 (con=23ms tls=46ms, TCP, TLS13)

      Sat Jun 25 08:38:04 2022 daemon.notice nextdns[3673]: Connected 45.11.104.186:443 (con=21ms tls=48ms, TCP, TLS13)

      Sat Jun 25 08:39:45 2022 daemon.notice nextdns[3673]: Connected 45.11.104.186:443 (con=26ms tls=52ms, TCP, TLS13)

      Sat Jun 25 08:41:31 2022 daemon.notice nextdns[3673]: Connected 45.11.104.186:443 (con=26ms tls=52ms, TCP, TLS13)

    • D00D
    • 2 yrs ago
    • Reported - view

    thank ya peeps!

    I got it! appreciate all your help!!

    The noIP or duckDNS for DDNS on the newfi 3 running openWRT didn't work, same as attempting DDNS on  Huawei HG8245H itself. Thanks to the comment about carrier grade NAT IP putting the DDNS wasn't working on either for that reason. 

    So the working solution:

     huawei is bridged via LAN port to the openWRT.  Huawei has the NextDNS IPs on the Huawei admin portal. DHCP running on huawei. Wifi disabled on the huawei and wifi  running on openWRT instead. NextDNS happily running on the openWRT which was easy as you said. thanks again!

    all unmanaged devices now pushed thru NextDNS. Agentless!! Are there benefits to running the NextDNS agent locally for additional security features? 

    On ANdroid,  the NextDNS app wouldn't autostart or autoconnect. I managed to use macrodroid to autostart the app and then upon seeing text string "CONNECT" to make a UI interacted hand gesture. It was working fine, but decided to just use the private DNS mode in case someone closed the app.

    thank you again!!! 

    may the  force be with you

      • R_P_M
      • 2 yrs ago
      • Reported - view

      Darth Maul I’m not sure it is completely configured correctly. Will see how it goes. 

      Only issue I see, from what you’ve said, is that the DHCP DNS server setting should be using the local IP of the OpenWRT box. Unless devices are picking it up automatically?

      • D00D
      • 2 yrs ago
      • Reported - view

      R P M 

      This late at night I seem to be verbose on the nonsense, but fail on the needed details to help triage woops. The "agentless" endpoints behind the router do pick up the nextDNS ok yep! The huwei has the nextDNS IPs and the DHCP server is running on huawei..but its in two diff GUI spots. when i hit test.nextdns.io they show up as DoH. Since it is working, I take it I don't need to put the OpenWRT's local DNS server IPs?

      However, I ran into new issue. When I turn on secure DNS drop down on any of the browsers under privacy &  security there is a drop down for DNS vendors, one of which NextDNS built in. I try that and I get below:

      This device is using NextDNS with no configuration.Make sure you use the DNS-over-HTTPS endpoint shown below.

      If I put in custom URL in there instead with https[:]//dns.nextdns.io/a1b2c3  it works. All is good!  I thought it was an issue since I have to manually put it in when there's an OOBE setting. I tested with android firefox/chrome (android edge didn't seem to have secure DNS setting anywhere).  All work fine..I'm assuming the OOBE drop down NextDNS is for the free tier?

      So..in any circumstance, It seems I still need to go into each browser on each device and set the custom string? Otherwise, I think I'm fully up and running. If I don't set browser secureDNS and hit test.nextdns.io, it comes across as UDP instead of DoH despite the nextDNS setup on router/openWRT.

      Is that just the nature of the beast on browsers? I imagine thats why JAMF/Kandji/Intune/etc are so important for tamper proof for enterprise companies when 'these are 'managed by your org' etc. If that is the case, I am good to! if not, I've got some more troubleshooting to do

       

      thank you RPM!

      • R_P_M
      • 2 yrs ago
      • Reported - view

      Darth Maul 

      You should not be changing the secure dns settings in browsers, they need to be set to off or disabled. 
      When you use test.nextdns.io you’re getting UDP which means that it’s not using the openWRT box and the nextdns CLI client.

      Without being able to see the router interface myself I can’t help in pointing you where to set the dns ip of the openWRT box. 
      It’s a shame Huawei aren’t providing a emulator for the interface. That would be useful!

      • D00D
      • 2 yrs ago
      • Reported - view

      R P M 

      my screenshot above was bad. i had plugged in the nextDNS IPs into the DNS search list instead of static DNS config. i tried putting in the local openWRT DNS entry on theproper static DNS on  huawei

      since it didn't work, I popped in the local openwrt IP on huawei and openWRT, but still getting UDP. it does show the proper DNS IP for dst though on test.nextdns.io. below is the screenshot of DNS on openWRT as well. I manually pointed to itself 192.168.100.5. unless it requires 127.0.0.1?

      I tried with huawei DNS of 192.168.100.5 and the openWRT as the nextDNS IP as well. no luck. surprised that all still. worked though to get to the web. I had the nextDNS entry in openWRT already before so I overwrote it.

      rebooted all devices: endpoint, huawei, and the openwrt in between changes, but same results

      dang thought I had it too!

      {
      "status": "ok",
      "protocol": "UDP",
      "destIP": "45.90.xx",
      "anycast": true,
      "server": "zepto-tyo-1",
      "clientName": "unknown"
      }
      • D00D
      • 2 yrs ago
      • Reported - view

      Darth Maul

       

      found another location of the network interface status in openWRT just to confirm

      my DHCP scope starts at 192.168.100.9

      • R_P_M
      • 2 yrs ago
      • Reported - view

      Darth Maul All those screenshots seem to be looking correct. 

      In the Huawei is there any dns setting in the Lan page? 

      • D00D
      • 2 yrs ago
      • Reported - view

      R P M 

      i love you!! <3

      that. was it. I forgot there were settings only available to see when logged in as the built in telecomadmin account for the ISP tech.  It's funny the user telecomadmin w/ admintelecom for passwd. keeps popping up as breach in Google and to change the pwd. its locked though and can't.

       I'm not super technical, but I have my Security+ for Gov contracts which was required at the time back in 2010. Sounds like I should've taken the Network+ too LOL

       

      OMG thank. you again.!!!

       

      across all devices:
      {
      "status": "ok",
      "protocol": "DOH",
      "
      }
      
      I'm sooo glad we got this to work before I head back home because I only visit once a year.I think I will open another thread with. the actual working config to hopefully help someone in the future without having to read my late night mumbo jumbo
      
      Truly appreciate the community help!

Content aside

  • 3 Likes
  • 2 yrs agoLast active
  • 24Replies
  • 2235Views
  • 4 Following