ASUSWRT-Merlin dnsmasq.postconf not allowing other script commands to execute #115
Comments
|
The idea is that most other changes to the dnsmasq conf will conflict with this one. Do you have an example of another service that would be compatible? |
|
In my case, I setup additional dnsmasq records based on nvram variables, so I must do it in a script instead of dnsmasq.conf.add. This includes local host-records, server statements to prevent non-public work-related domain names from being sent upstream, etc. I see how it can be a conflict if someone on Merlin redirects to another service on 127.0.0.1. Maybe you can also include a pc_delete "server=127.0.0.1" "$CONFIG" at the beginning of the if true block. |
|
Why don’t you put local host records in the /etc/hosts file? |
|
You can also use forwarder config with nextdns to send some private domain to somewhere else. |
|
Those were just examples in my own setup. I don't want to debate the merits of whether I should be using dnsmasq.postconf, but just to point out that it's considered heavy-handed in the Merlin community to block any other content from being executed. He who executes last in the script wins. I think the delete of server=127.0.0.1 would avoid conflicts with Unbound or dnscrypt-proxy. Loading Diversion blockfiles into dnsmasq is a delicate issue if you were to force delete them when nextdns is active, but you could do it with |
|
I could append last and revert all possible alterations of the dnsmasq config that could conflict. I just feel like it will be much more brittle. |
|
As I can't access my router lab, I can't test such a change. Would you like to give it a try @dave14305? |
|
I’m back again, running the nextdns CLI on ASUSWRT-Merlin-LTS (John’s fork) and it works well except for the dnsmasq.postconf hijacking (hope it’s not too strong a word). A specific concrete case now is that later in the dnsmasq.postconf is the Diversion command which will enable dnsmasq logging, which becomes important when troubleshooting issues with upstream providers. So if you have a proposed build to try, I’m willing to test it out. I think it might also be time to cut back on the “Received signal” messages. I think you solved that issue well enough. |
|
I will try to find a solution to that ASAP. I'm just curious, why running diversion + nextdns? Isn't it a little redundant? |
|
It’s valuable even with ad-blocking disabled because it manages dnsmasq logging and log rotation. |
|
Honestly, with caching on in the cli, you could just put port 0 in dnsmasq config and get rid of it for DNS. That is what the |
|
It’s often pondered by the users tinkering with Unbound, but in the end, dnsmasq is so ingrained in the firmware that trying to neuter it is daunting. Would nextdns handle resolution of local hostnames found via discovery? And deal with VPN clients running on the router? It gets messy. |
|
Yes, I’m thinking about adding this capability. |
|
Hi, just wondered if this is still being considered? |
The current implementation of the dnsmasq.postconf for ASUSWRT-Merlin prepends the necessary commands to an existing dnsmasq.postconf file, but includes an exit 0 which prevents further commands in the existing script from running. This is a bad design in my opinion.
If you want to ensure the nextdns commands run last and have the final say, then append the content to the existing file.
https://github.com/nextdns/nextdns/blob/master/router/merlin/setup.go#L99
The text was updated successfully, but these errors were encountered: