Running NextDNS Cli on FWB+

Comments

38 comments

  • Joshbowen83

    Nice catch! I didn't see that. I'll update the Google Drive script and my post with that information. Thanks!

  • Xfirewallx+firewalla

    What else do I have to consider if I want to run NextDNS CLI directly on FWG/P?

    Deactivating DoH and unchecking cache boost was mentioned above; is this still recommended?

  • hrmax

    @joshbowen83

    What settings do you use in FW in regard to DNS with the NextDNS CLI running? Just to confirm, it automatically sends the device names to NextDNS?

  • Joshbowen83

    I don't believe anything special is needed - other than confirming your LAN's DNS Server settings show the IP Address of Firewalla as primary. That way all DHCP clients look to Firewalla for name resolution first.

  • hrmax

    Thanks Joshbowen83 for the script and steps. It worked great other than a few tweaks for device-specific configs I added. Are you seeing device names in NextDNS, or did you have to set up reserved DHCP IPs and update the FWG hosts file to assign names to IPs (I had to do this on my previous RPi)? I'm only seeing about 2 actual device names out of 50+ in NextDNS.

  • Joshbowen83

    No IP Reservations or mappings. Try going into the NextDNS Setup page and choose IPv4 Linking. Enter the DDNS Hostname from Firewalla (found in More -> DDNS). Other than that, make your WAN DNS Servers use the IP Addresses of NextDNS (also in the NextDNS Setup page). All clients should be DHCP, and hostnames configured within Firewalla. That's about it.

  • hrmax

    I've taken all those steps. I'm assuming you meant device names and not host names? All the devices have a name by default in FWG and I've manually updated a few. Doesn't seem to be any correlation between those I manually updated and the ones identified in NextDNS. I do have IPv6 enabled and I don't see a way in FWG to set the WAN IPv6 DNS servers to NextDNS servers. Although none of the WAN DNS settings should matter if the NextDNS CLI is intercepting DNS requests to port 53 and sending to NextDNS.

  • Joshbowen83

    For ipv6: Network -> WAN Interface -> Edit -> Enable ipv6.

    I see what you're saying. It looks like it auto-discovers hostnames which, depending on the device, can't be updated. The NextDNS CLI states that it "Serve from /etc/hosts." So you probably would need to edit Firewalla's hosts file to correct the naming issue.
