Mesh routers for NextDNS?

I like all the benefits listed for using the NextDNS app: https://help.nextdns.io/t/m1hmv0k/which-setup-type-to-use

Are there any Mesh routers that I can install NextDNS on so I can get these benefits?

  • Easy to setup
  • Traffic is encrypted and server is authenticated
  • Does not require IP linking
  • Advanced routing / fallback mechanism
  • Network wide device identification when installed on the router

I've done the whole custom firmware on WRT54G in another life and just want something easy with no maintenance now. I've had the Google Wifi system for a few years but that doesn't allow the NextDNS app to be installed on it (yes, I'm using the NextDNS DNS entries but I want the full experience).

10replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • You can have it on a rpi on the side and point your LAN DNS on it.

    Like 2
    • Olivier Poitrey My LAN DNS has 2 entries to fill out. Would I have both of them set to the Raspberry Pi? How much maintenance is requires for the Rpi?

    • Killua Zoldyck yes, point them both to the RPI. Make sure it's the LAN DNS and not the WAN DNS. There is no maintenance, it's a very simple small DNS proxy, statically linked single binary.

      Like 1
    • Olivier Poitrey So instead of a RPi, I'm using my MacMini. I installed the CLI and had it listen on port 53, report-client-info, auto-activate, config 123456, setup-router

      I then updated my router (Google Wifi) and set it to use the IP of the MacMini for DNS.

      Things are functional. But for most of the traffic in Logs (on the NextDNS site), I see the Device name as: e1f064...0e27c

      I think that Device is the Google Wifi router.

      Is there any way to have the Logs show the actual Device name instead of the Google Wifi Router? (Without having to install apps on every client)

    • Killua Zoldyck you can try to add the option dns-discovery pointing to the IP of your router.

    • Olivier Poitrey It seemed like it gave me some other names for devices but the names didn't make sense. And then it caused problems with my router.

      There has to be an easier way to Identify devices without having to configure each device individually.

      Like 1
      • Roy
      • Roy
      • 10 mths ago
      • Reported - view

      Olivier Poitrey 

      the google WiFi router requires unique IPs for primary and secondary.  I put one of the NextDNS IP as secondary.   That way if the Pi device fails, there is a second DNS (albeit unencrypted) to the NextDNS. 

      • H S
      • H_S
      • 10 mths ago
      • Reported - view

      Olivier Poitrey  I do not think google wifi allows for distinct  setting of LAN DNS . It has only one option for DNS , which has three options 1) Automatic( 2) ISP DNS  3) Customised (where 2 ip's for nextDNS can be set). So this sounds like WAN DNS to me.

      (Based on the suggestions on this thread)...

      Assuming I  install nextDNS on Rpi ( and point  Google wifi Custom DNS to DNS1= and DNS2= (one of the 2 nextDNS ips )   .

      on Rpi within the nextdns.conf , I  set discovery DNS to be the ip of Google Wifi (as its the DHCP server and router for the rest of home network).

      Can you please confirm this what you are suggesting in this thread ? This does sound like lots fo traffic bouncing back and forth between google wifi and Rpi 

    • H S this sounds like WAN DNS, so it might not work as expected. Also, the second IP should not be set to something else than the RPi. You can try to set two IPs on the Pi if you can't leave the second empty.

  • For those who use Google WiFi, here’s what I’ve learned:

    Google WiFi will not pass the DNS setting to each DHCP client. The setting is the WAN DNS. It ALWAYS passes it’s own IP as the LAN DNS. Because it requires 2 unique IPs, Olivier’s gave good suggestion for 2 IPs on 1 LAN device. I use a Mac Mini and use a Ethernet IP for Primary and WiFi for secondary. You still won’t ever get device identification due to how Google WiFi gives it’s clients it’s own IP but you’ll at least get encrypted DNS. 

    Because of this, I use NextDNS app or Apple Native Profile or Adguard app DNS protection setting, etc. on every device that has that option so I’ll get device identification for those. 

    If you truly need device identification when the only option you have is NextDNS IP (and no cli device), you can create an individual NextDNS configuration for each device. (I did that initially to get an idea of which of my devices were making which calls. I have since changed the devices back to using Google WiFi and foregoing identification.)  But for devices that you can’t set DNS manually (like some smart devices), you’re SOL. 

    Note: Additionally, Google WiFi IPV6 doesn’t work for me (and countless others) for DHCP clients but I’m sure it would be the same issue that it’s own IPV6 would be given as LAN DNS so still have the same restrictions. Because of this I use the configuration IPV6 as the primary and secondary Google WiFi settings. Hopefully, firmware update will get IPV6 working at some point.

    Note: Google WiFi will show up as more than one device in NextDNS logs because it makes calls using both its WAN IP (calls home to gstatic.com and YouTube.com) and it’s LAN IP.

Like Follow
  • 8 mths agoLast active
  • 10Replies
  • 348Views
  • 5 Following