
NextDNS does weird things with T-Mobile Home Internet - not sure what to do now

I am a paid NextDNS subscriber but moved to a location where T-Mobile Home Internet is my only ISP option. T-Mobile Home Internet is a 5G hotspot-like device which uses something like CGNAT (464XLAT, I'm told). I'd like to connect to NextDNS at the router level.

Will I be able to use NextDNS at a router / network level with this ISP? Any help is appreciated. I was hoping to get customer support from the company but it appears they only offer this to business accounts.

I have attempted a few solutions.

First, I am unable to adjust DNS settings on the T-Mo gateway. 

One is to use a WireGuard mesh VPN (Tailscale) which points to NextDNS. When I do this, I get the "This device is using NextDNS, but under a different config" response from NextDNS web. This seems to mean it finds NextDNS resolvers but not my paid account (despite using the correct IPv4 addresses for my account). I've also pointed the WireGuard VPN at the IPv6 addresses for my NextDNS account, but that seems to break all DNS requests.

Secondly, I attached an ASUS router to my T-Mobile gateway and pointed that at the correct NextDNS addresses. What this produces is weird: it flips between "All good! This device is using NextDNS!" and "This device is using NextDNS but under a different config" every few seconds. I can sit there and watch it flip from green to red to green without reloading the page. 

Lastly, I might try to attach my personal router itself to the Tailscale mesh, then use a VPS as an end node - routing all traffic through the VPS and pointing the VPS to NextDNS. This seems convoluted though, and probably high latency.  

Any help is appreciated!

3 replies

    • blue_camera
    • 1 yr ago

    I don't know if I wrote this out very well. The goal is to use NextDNS on all my devices. The problem is the T-Mo 5G broadband.

    • One solution I've tried is putting all my devices on a WireGuard mesh pointed at the two IPv4 addresses associated with my NextDNS account. This causes devices to resolve successfully using NextDNS - but not with my personal profile and its filters.
    • Second solution I'm trying is to use my own router and set it to use NextDNS as the DNS resolver. This works well on normal ISPs. On the T-Mobile 5G gateway, the my.nextdns.io portal shows that I'm switching between my personal NextDNS profile (green light on profile) and not using it (red light).

    Hope that clears things up. Any help appreciated!

    • R_P_M
    • 1 yr ago

    Oh no, CGNAT again. It's going to be very difficult to use the IP based setup for NextDNS. You will have to find a way to use DNS-over-HTTPS or DNS-over-TLS on a device in your local network and get it to forward all DNS requests.

      • blue_camera
      • 1 yr ago

      R P M thanks. I might have to use an external VPS that is not behind my CGNAT home network. 

      Is it even possible for NextDNS to resolve this? For instance, I have an ASUS router on which I can successfully change the DNS routing to the 'CleanBrowsing' service. It's a preset in the router. However, it seems to be reliably and consistently using that DNS service rather than T-Mobile's CGNAT service. So it seems possible. However, I'm not entirely sure how CleanBrowsing compares as a DNS server to NextDNS.
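
The forwarding approach from R_P_M's reply, as an added example that is not part of the original thread: a relay that accepts plain UDP DNS from LAN devices and sends each query over DNS-over-HTTPS (RFC 8484), so the profile is chosen by the ID in the request URL rather than by the shared CGNAT source address. The profile ID `abc123` is a placeholder, and the endpoint form `https://dns.nextdns.io/<profile ID>` and all function names are assumptions of this example.

```python
import socket
import struct
import urllib.request

PROFILE_ID = "abc123"  # placeholder: substitute the profile ID shown in my.nextdns.io
DOH_BASE = "https://dns.nextdns.io"  # assumed endpoint form: <base>/<profile ID>


def build_query(name, qtype=1, txid=0):
    """Encode a single-question DNS query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in name.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def doh_request(wire_query, profile=PROFILE_ID):
    """Wrap a wire-format query in an RFC 8484 POST addressed to one profile."""
    return urllib.request.Request(
        f"{DOH_BASE}/{profile}",
        data=wire_query,
        method="POST",
        headers={
            "Content-Type": "application/dns-message",
            "Accept": "application/dns-message",
        },
    )


def serve(bind_addr="0.0.0.0", port=53):
    """Relay plain UDP DNS from LAN clients to the profile's DoH endpoint."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        query, client = sock.recvfrom(4096)
        if len(query) < 12:  # shorter than a DNS header: drop it
            continue
        try:
            with urllib.request.urlopen(doh_request(query), timeout=5) as resp:
                sock.sendto(resp.read(), client)  # answer goes back unchanged
        except OSError:
            pass  # upstream failure: the client's resolver will retry


if __name__ == "__main__":
    serve()
```

Binding port 53 needs elevated privileges, and LAN devices reach the relay once the router's DHCP settings hand out its address as the DNS server.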
