Just blogging this in case it hits anyone else.
I was previously using NextDNS with my internal DNS servers on a couple of Raspberry Pis. Recently I decided to simplify things (move the internal DNS server Docker container to a regular machine; get rid of the Pis for now etc.) and decided to run NextDNS from my router itself. I have an Asus router and run AsusWRT Merlin firmware. NextDNS can be installed on the router following the instructions here.
AsusWRT Merlin uses dnsmasq for DHCP and DNS resolution. By default dnsmasq listens on the router's port 53, so NextDNS integrates with it along these lines: it listens on a different port and tells dnsmasq to use it as upstream. It basically adds the following to dnsmasq.conf:
```
no-resolv
server=127.0.0.1#5342
cache-size=0
add-mac
add-subnet=32,128
```
The 127.0.0.1#5342 line varies per deployment, depending on what port NextDNS decides to listen on.
In my case I had the following line in /jffs/nextdns/nextdns.conf:

```
forwarder raxnet.com.=192.168.1.2
```
This tells it to forward any queries for my home domain raxnet.com to an internal DNS server.
In theory, with this config, DNS queries from my home machines would be sent to dnsmasq, which would forward them to NextDNS, and NextDNS would forward any internal queries to the IP above. That didn't work for me, however! External queries were going to NextDNS but internal queries were returning NXDOMAIN.
I spent a fair bit of time trying to figure out the reason. Finally I realized I had set a domain name for my router, and so dnsmasq had added a line like this to its config:

```
local=/raxnet.com/
```
This tells dnsmasq that the domain is local, so it must answer queries for it only from /etc/hosts (and its own DHCP leases) and never forward them upstream. dnsmasq therefore never passes these queries to NextDNS, NextDNS never sees them, and any name dnsmasq can't find locally comes back as NXDOMAIN.
The workaround was to remove the domain name from the router config, and now dnsmasq and NextDNS can co-exist.
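To spot this kind of clash before spending an afternoon on it, here is a small diagnostic I'd run on the router. It is an added example written for this post, not part of NextDNS or AsusWRT Merlin: it parses the `forwarder` entries in nextdns.conf and reports any domain that dnsmasq.conf also declares as `local=/domain/` (or the equivalent address-less `server=/domain/`), since dnsmasq will answer those itself and NextDNS will never see them. The file paths and config contents below are constructed to mirror the situation above; point `find_conflicts` at /jffs/nextdns/nextdns.conf and the live dnsmasq.conf on a real router.

```shell
#!/bin/sh
# Hypothetical diagnostic (not part of NextDNS or AsusWRT Merlin): list every
# domain that nextdns.conf forwards to an internal server but that dnsmasq
# also marks 'local=', i.e. domains dnsmasq answers from /etc/hosts and DHCP
# leases itself instead of forwarding upstream. Works on BusyBox sh (router)
# or any POSIX sh.

# find_conflicts NEXTDNS_CONF DNSMASQ_CONF
# Prints one conflicting domain per line; prints nothing when the two
# configs are compatible.
find_conflicts() {
    # 'forwarder raxnet.com.=192.168.1.2' -> 'raxnet.com' (trailing dot dropped)
    sed -n 's/^forwarder[[:space:]]\{1,\}\([^=]*\)=.*/\1/p' "$1" | sed 's/\.$//' |
    while read -r dom; do
        [ -n "$dom" ] || continue
        # escape dots so 'raxnet.com' does not also match 'raxnetXcom'
        esc=$(printf '%s' "$dom" | sed 's/\./\\./g')
        # local=/dom/ and server=/dom/ with no address mean the same thing to
        # dnsmasq: answer locally, never forward.
        if grep -Eq "^(local|server)=/${esc}/[[:space:]]*\$" "$2"; then
            echo "$dom"
        fi
    done
}

# Constructed sample configs mirroring the post (assumed contents, not
# copied from a real router).
TMPD=$(mktemp -d)
cat > "$TMPD/nextdns.conf" <<'EOF'
forwarder raxnet.com.=192.168.1.2
EOF
cat > "$TMPD/dnsmasq-broken.conf" <<'EOF'
no-resolv
server=127.0.0.1#5342
cache-size=0
add-mac
add-subnet=32,128
local=/raxnet.com/
EOF
# The same config after the router's domain name is removed from the GUI.
grep -v '^local=' "$TMPD/dnsmasq-broken.conf" > "$TMPD/dnsmasq-fixed.conf"

echo "conflicts with domain name set:"
find_conflicts "$TMPD/nextdns.conf" "$TMPD/dnsmasq-broken.conf"   # raxnet.com
echo "conflicts after removing it:"
find_conflicts "$TMPD/nextdns.conf" "$TMPD/dnsmasq-fixed.conf"    # (nothing)
```

A domain listed by the script is one that dnsmasq will short-circuit, so queries for it never reach the NextDNS forwarder; an empty result means the two configs agree on who answers what.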