Just blogging this in case it hits anyone else.
I was previously using NextDNS with my internal DNS servers on a couple of Raspberry Pis. Recently I decided to simplify things (move the internal DNS server Docker container to a regular machine; get rid of the Pis for now etc.) and decided to run NextDNS from my router itself. I have an Asus router and run AsusWRT Merlin firmware. NextDNS can be installed on the router following the instructions here.
AsusWRT Merlin uses dnsmasq for DHCP and DNS resolution. By default dnsmasq listens on the router’s port 53 so NextDNS integrates with it along these lines (it listens on a different port and tells dnsmasq to use it as upstream). It adds the following to dnsmasq.conf basically:
|
1 2 3 4 5 |
no-resolv server=127.0.0.1#5342 cache-size=0 add-mac add-subnet=32,128 |
The 127.0.0.1#5342 line vary per deployment depending on what port NextDNS decides to listen on.
In my case I had the following line in /jffs/nextdns/nextdns.conf:
|
1 |
forwarder raxnet.com.=192.168.1.2 |
This tells it to forward any queries for my home domain raxnet.com to an internal DNS server.
In theory with this config DNS queries would be sent from my home machines to dnsmasq who would forward them to NextDNS and NextDNS will forward any internal queries to the IP above. That didn’t work for me however! External queries were going to NextDNS but internal was returning an NXDOMAIN.
Spent a fair bit of time trying to figure out the reason. Finally I realized I had set a domain name for my router and so dnsmasq had added a line like this to its config:
|
1 |
local=/raxnet.com/ |
This tells dnsmasq that the domain is local and so it must answer queries from /etc/hosts – so dnsmasq does not forward these to NextDNS and the latter never see these queries.
The workaround was to remove the domain name from the router config and now dnsmasq and NextDNS can co-exist.