dnsmasq not showing any “cached” entries when used with NextDNS CLI on OpenWrt
Hi,
I’m running OpenWrt 25.12.4 and I followed the dnsmasq + NextDNS CLI integration described here:
It is possible to run dnsmasq and nextdns together and still benefit from client reporting and conditional configuration...
My setup is basically:
- NextDNS listening on 127.0.0.1:5555
- dnsmasq forwarding to 127.0.0.1#5555
- dnsmasq serving LAN clients on port 53
What I expected was to use dnsmasq as the main local cache on the router, with NextDNS handling filtering and upstream resolution.
What I’m seeing in the dnsmasq logs is only query / forwarded / reply, but I never see any cached lines, even for repeated lookups from the same client. The cache stats also don’t seem to show any reused unexpired entries.
So my question is: is this setup actually supposed to make dnsmasq the main cache for forwarded DNS replies, or is the caching effectively happening on the NextDNS side instead?
If dnsmasq can be the primary cache here, is there anything specific I should change on OpenWrt to make forwarded replies get cached properly?
Thanks.
nextdns file:
config nextdns 'main'
option enabled '1'
option setup_router '0'
option report_client_info '1'
option hardened_privacy '0'
option log_queries '0'
option cache_size '0'
option cache_metrics '0'
option bogus_priv '1'
option auto_activate '0'
option cache_max_age '0s'
option max_inflight_requests '256'
option mdns 'br-lan'
option max_ttl '0'
option use_hosts '1'
option detect_captive_portals '0'
option timeout '5s'
option debug '0'
option control '/var/run/nextdns.sock'
list listen '127.0.0.1:5555'
list profile '10.10.10.172/32=xxxxx'
list profile '10.10.10.220/32=xxxxx'
list profile '10.10.10.221/32=xxxxx'
list profile '10.10.10.203/32=xxxxx'
list profile '10.10.10.210/32=xxxxx'
list profile 'xxxxx'
dnsmasq file:
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '10000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option ednspacket_max '1232'
option noresolv '1'
option quietdhcp '1'
option addmac '1'
option addsubnet '32,128'
list server '127.0.0.1#5555'
option logqueries '1'
option min_cache_ttl '300'

1 reply
This is expected, caching is delegated to the nextdns client. This ensures there's no cache pollution between different profiles when using conditional profile routing like you do in your config. Without this, a domain blocked for one profile but not the others may end up not being blocked if a user from another profile queried it first and primed dnsmasq's non-segmented cache.
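The cache-pollution scenario described in the reply above, as an added toy model that is not part of the original thread and is not dnsmasq or NextDNS code. The profile names, the blocked domain and the answer addresses are assumptions made for the illustration; the two client IPs are taken from the profile lines in the posted config.

```python
# Toy model of the cache-pollution argument; not dnsmasq or NextDNS code.
BLOCKED = "0.0.0.0"
ALLOWED = "192.0.2.10"  # constructed answer (documentation address range)

# Assumed policy: profile name -> blocked domains (names are hypothetical).
POLICY = {"kids": {"games.example"}, "adults": set()}
# Assumed client -> profile mapping; IPs follow the poster's profile lines.
CLIENT_PROFILE = {"10.10.10.172": "kids", "10.10.10.220": "adults"}


def filtering_resolver(profile, domain):
    """Stand-in for the filtering upstream: the answer depends on the profile."""
    return BLOCKED if domain in POLICY[profile] else ALLOWED


class Forwarder:
    """Caching forwarder placed in front of the filtering resolver."""

    def __init__(self, segmented):
        self.segmented = segmented
        self.cache = {}
        self.upstream_queries = 0

    def resolve(self, client_ip, domain):
        profile = CLIENT_PROFILE[client_ip]
        # A shared cache keys on the name alone; a segmented one on (profile, name).
        key = (profile, domain) if self.segmented else domain
        if key not in self.cache:
            self.upstream_queries += 1
            self.cache[key] = filtering_resolver(profile, domain)
        return self.cache[key]


def replay(segmented, clients, domain="games.example"):
    """Resolve `domain` for each client in order; return answers and upstream count."""
    fwd = Forwarder(segmented)
    answers = [fwd.resolve(ip, domain) for ip in clients]
    return answers, fwd.upstream_queries


if __name__ == "__main__":
    adult_first = ["10.10.10.220", "10.10.10.172"]
    for segmented in (False, True):
        answers, n = replay(segmented, adult_first)
        label = "per-profile cache" if segmented else "shared cache"
        verdict = "blocked" if answers[1] == BLOCKED else "NOT blocked"
        print(f"{label}: kids client gets {answers[1]} ({verdict}), upstream={n}")
```

With the shared cache the second client receives whatever the first client's profile produced, in either order, so the name-only cache can both bypass a block and over-block.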
