NextDNS behind CGNAT does weird things

ithryn

New Around Here
I have a niche problem and I'm not sure where to ask. I am happily using T-Mobile home internet. (Great speeds, cheap, only other option in my area is satellite.) However, I'm behind CGNAT and have no stable/discoverable IPv4 address. I am also unable to customize DNS servers on the T-Mo 5G gateway. I have a paid NextDNS account with custom adblockers and content filters that I'd love to use.

When I connect devices to NextDNS (through their app or via DoH) I get "This device is using NextDNS, but with another configuration." In other words it can find the stock NextDNS resolvers, but does not use my personal account and filters.

I have an ASUS RT-88CU lying around, which is running Merlin. It connects to the T-Mo internet and creates its own subnetwork just fine, and I can set my custom NextDNS addresses in Merlin. However, this results in the weird effect of NextDNS flipping back and forth between the green "All good! This device is using your custom config" and the red "This device is using NextDNS in another configuration" - I can watch it flip every 2-3 seconds. All I figure is that NextDNS is "finding" me behind the CGNAT and then "losing" me and then "finding" me again.

What would you do in this case?

Currently I have a Wireguard VPN (Tailscale) which can connect all my devices, punching through the CGNAT with no problem. What if I set up a Digital Ocean VPS as an exit node on Wireguard? Then point the ASUS router at the exit node VPS. Then point the exit node VPS to NextDNS as its DNS resolver. Is that an efficient solution, or is there something better?

Only thing I don't like is the idea of home internet traffic going through Tailscale going through the VPS going through NextDNS...lots of parts to break. Any advice is appreciated!
 

ColinTaylor

Part of the Furniture
Contact NextDNS support, that's what you're paying them for.
 

sfx2000

Part of the Furniture
> T-Mobile home internet. (Great speeds, cheap, only other option in my area is satellite.) However, I'm behind CGNAT and have no stable/discoverable IPv4 address.

TMHI is not CGNAT - it looks like it, but it is a different mechanism altogether (464XLAT) - so IPv4 definitely takes a back seat to IPv6 traffic...

As @ColinTaylor mentions - talk to NextDNS, and be clear with them that your broadband pipe is TMHI...
 

ithryn

New Around Here
> Contact NextDNS support, that's what you're paying them for.

Turns out NextDNS only has community support. Email support is for business accounts.

I posted to the NextDNS community support forums; we'll see, I guess. Maybe I should try a Pi-hole instead?

Edit: just for the sake of anyone finding this thread, I realized my ASUS router (AC-88U) offers DNS filtering built-in from OpenDNS, CleanBrowsing, Comodo etc. It's actually working over my T-Mobile internet. So that's a good measure for now until I figure this out.
 