0

Can't get NextDNS Working on Fedora 36

I'm on Fedora 36 and trying to get my system's traffic to go through NextDNS, but no matter what I do, it doesn't seem to be working. I tried several of the methods on the setup guide page, starting with the NextDNS Command Line Client, which looked like it was working in the terminal, but nothing ever showed up for my system in the Logs page. I also tried the dnsmasq, DNSCrypt, and systemd-resolved methods and none of them worked either. I then tried adding my NextDNS IP addresses directly into the VPN I'm using - also didn't work.

I'm confused about why there are so many different options for setting up a custom DNS on Linux. Is there a reason I should be using one method over the others? Also, what could I be doing wrong that I'm not able to get any of these methods to work properly?

12 replies

null
    • Aylward_Carved
    • 1 yr ago
    • Reported - view

    Okay, I reinstalled the NextDNS command line client, and this is what I get when I enter "nextdns run":

    INFO: 14:24:03 Starting NextDNS 1.37.11/linux on localhost:53
    INFO: 14:24:03 Listening on TCP/[::1]:53
    INFO: 14:24:03 Listening on TCP/127.0.0.1:53
    INFO: 14:24:03 Listening on UDP/127.0.0.1:53
    INFO: 14:24:03 Listening on UDP/[::1]:53
    ERROR: 14:24:03 Startup failed: proxy: tcp: listen tcp [::1]:53: bind: address already in use
    Error: proxy: tcp: listen tcp [::1]:53: bind: address already in use

      • R_P_M
      • 1 yr ago
      • Reported - view

      Aylward Carved Normally you would use “nextdns start” rather than “run”.

      But according to that something else has bound to the IPv6 tcp port already. What else is running?

      Also check the “nextdns config“ output, remember to obscure or remove the config ID if you post it back here. 

      • Aylward_Carved
      • 1 yr ago
      • Reported - view

      R P M I disabled systemd-resolved and that seemed to help temporarily, but not NextDNS is not working again. I am using a VPN as well. Could that have something to do with the issue? Here's the config output:

      bogus-priv true
      max-inflight-requests 256
      auto-activate true
      listen localhost:53
      config xxxxxx
      cache-size 10MB
      mdns all
      log-queries false
      setup-router false
      control /var/run/nextdns.sock
      report-client-info true
      use-hosts true
      timeout 5s
      hardened-privacy false
      cache-max-age 0s
      max-ttl 5s
      discovery-dns
      detect-captive-portals false

      • Aylward_Carved
      • 1 yr ago
      • Reported - view

      R P M I ran netstat to see what is listening on port 53, but I'm confused about what I'm looking at here:

      tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      22629/nextdns       
      tcp        0     70 10.110.27.73:53598      3.82.80.22:443          ESTABLISHED 3063/1password --en
      tcp6       0      0 ::1:53                  :::*                    LISTEN      22629/nextdns       
      udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1438/avahi-daemon:  
      udp        0      0 127.0.0.1:53            0.0.0.0:*                           22629/nextdns       
      udp6       0      0 :::5353                 :::*                                1438/avahi-daemon:  
      udp6       0      0 ::1:53                  :::*                                22629/nextdns       

      • R_P_M
      • 1 yr ago
      • Reported - view

      Aylward Carved netstat output looks ok, nextdns is setup for all the ports. 

      I think maybe it is something to do with your VPN setup, because everything else appears to be set correctly. 

      Just a guess, run “nextdns config set -detect-captive-portals=true” (I think it requires the preceding ‘-‘ but not entirely sure) followed by “nextdns restart”

      • Aylward_Carved
      • 1 yr ago
      • Reported - view

      R P M You may be right about the VPN. After rebooting, my VPN had this error message: "Unable to set system DNS server."

      In terminal, I ran "nextdns activate" and got this: "Error: setup resolv.conf: write /etc/resolv.conf.nextdns.tmp: open /etc/resolv.conf: no such file or directory"

      I tried to open resolv.conf and got this error: "The link "resolv.conf" is broken. The link cannot be used because its target "../run/systemd/resolve/stub-resolv.conf" doesn't exist."

      I did disable the systemd-resolved service earlier on and that was the only thing that made NextDNS work temporarily, ironically, but maybe I messed something up?

      By the way, I did set detect-captive-portals to true and restarted the NextDNS service, but that also did not work.

      • R_P_M
      • 1 yr ago
      • Reported - view

      Aylward Carved You definitely need to enable systemd-resolved again. I doubt that it was the problem, more likely the vpn setup. 

      • Aylward_Carved
      • 1 yr ago
      • Reported - view

      R P M Okay, I'll do that. What about the VPN could be causing this problem? And is there anything I can do about it to get both the VPN and NextDNS working together?

      • R_P_M
      • 1 yr ago
      • Reported - view

      Aylward Carved It could be difficult to get the VPN to work nicely with NextDNS, depending on provider restrictions and how they are setting up on your device. 

      First thing is to make sure that NextDNS works properly without the VPN. After that’s all set start looking at the VPN. 

      • Aylward_Carved
      • 1 yr ago
      • Reported - view

      R P M Okay, you were definitely right. NextDNS works just fine without my VPN running. Apparently MullvadVPN hijacks DNS queries for security, so you have to make some adjustments to prevent this. I found a blog that demonstrates how to do it (https://schnerring.net/blog/use-custom-dns-servers-with-mullvad-and-any-wireguard-client/), but it requires a Wireguard client, which looks to be unavailable on Fedora. Do you know of any other way I could achieve this same result?

      • R_P_M
      • 1 yr ago
      • Reported - view

      Aylward Carved It’s apparently called wireguard-tools on Fedora. 

      https://bodhi.fedoraproject.org/updates/?packages=wireguard-tools

      or
      https://www.wireguard.com/install/

      • Aylward_Carved
      • 1 yr ago
      • Reported - view

      R P M I downloaded wireguard-tools, but I can't figure out how to adjust any config or anything, unfortunately.

Content aside

  • 1 yr agoLast active
  • 12Replies
  • 266Views
  • 2 Following