Hi. I'm using nextdns on my entire LAN, through nextdns CLI on an RT-AX86U Pro. Nonetheless, I noticed that nextdns is bypassed by explicit plain DNS queries.
For instance, a query like the following
Code:
[xxx@xxxxx ~]$ nslookup google.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: google.com
Address: 216.58.215.174
Name: google.com
Address: 2a00:1450:4003:803::200e
doesn't appear in the nextdns logs.
Activating DNS Director in Merlin is a workaround, but when it is enabled, nextdns DoT on my Android phone no longer works in my LAN (obviously, as DNS Director blocks port 853).
Is there a way to prevent plain DNS queries from bypassing nextdns CLI without relying on DNS Director (or even while using it)?
As a suggestion, could an option/checkbox to avoid blocking port 853 be added to the GUI?
In this case, blocking port 853 should be the default. Then most "offending" DoT addresses should/could be filtered by an external blocklist.
Alternatively, is there a manual way to open port 853 even with DNS Director active?
Thanks a lot in advance.
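Before deciding on DNS Director, it helps to measure how much plain DNS is actually leaving the LAN without touching the router resolver. The script below is an added example, not code from the original post or from nextdns/Merlin: it parses tcpdump -n style lines captured on the LAN bridge and reports which clients send port-53 traffic to resolvers other than the router (the bypass described above), while treating port-853 flows as opaque DoT. The router address and the capture lines are constructed assumptions.

```python
"""Flag LAN clients whose plain DNS (port 53) goes to a resolver other than
the router, i.e. queries that bypass the nextdns CLI listener.
Input is tcpdump -n style text; the sample lines below are constructed and
the router address is an assumption (IPv4 lines only)."""
import re
from collections import defaultdict

ROUTER_IP = "192.168.50.1"  # assumption: the router's LAN address

# Matches 'IP src.sport > dst.dport:' as printed by tcpdump -n (IPv4 only).
FLOW_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

# Constructed capture: one query to the router, two bypasses to public
# resolvers, and one DoT handshake from a phone (encrypted, no name visible).
SAMPLE_CAPTURE = """\
12:00:01.100 IP 192.168.50.20.51234 > 192.168.50.1.53: 1+ A? example.com. (29)
12:00:01.200 IP 192.168.50.20.51235 > 8.8.8.8.53: 2+ A? google.com. (28)
12:00:01.300 IP 192.168.50.20.51236 > 1.1.1.1.53: 3+ AAAA? google.com. (28)
12:00:02.000 IP 192.168.50.30.44444 > 203.0.113.5.853: Flags [S], seq 1, length 0
"""

def classify_capture(text):
    """Return {'bypass': {client: {resolver, ...}}, 'dot': {client, ...}, 'local': n}."""
    bypass = defaultdict(set)
    dot = set()
    local = 0
    for line in text.splitlines():
        m = FLOW_RE.search(line)
        if not m:
            continue  # not a flow line we understand
        dst, dport = m["dst"], int(m["dport"])
        if dport == 53:
            if dst == ROUTER_IP:
                local += 1                  # reached the router: nextdns CLI sees it
            else:
                bypass[m["src"]].add(dst)   # plain DNS that skips the router entirely
        elif dport == 853:
            dot.add(m["src"])               # DoT: content opaque, only the peer is visible
    return {"bypass": dict(bypass), "dot": dot, "local": local}

if __name__ == "__main__":
    report = classify_capture(SAMPLE_CAPTURE)
    for client, resolvers in sorted(report["bypass"].items()):
        print(f"{client} sends plain DNS to {sorted(resolvers)}")
    print(f"{report['local']} query(ies) to router, DoT clients: {sorted(report['dot'])}")
```

Feed it real output from `tcpdump -n -i br0 port 53 or port 853` to see which devices need the redirect and which already use DoT.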