Advice Request NextDNS thoughts and experiences?

NextDNS went CPU crazy today while testing phishing links and I had to uninstall it. I don't know if the client got overloaded or what ... :unsure:

Went back to Quad9 since I prefer not to install a DNS client.
Why do you have to use the client at all, or any DNS client software for that matter? Both Firefox and Chrome support DoH. If you're using a VPN, most support third-party DNS servers. Just add them so that you don't also use the VPN DNS, and you'll be good to go.
 
New in NextDNS:

 
I mean you have the option to choose two DNS in the Firefox DoH settings, which are Cloudflare & NextDNS. Do you know if NextDNS has a public DNS address?
When creating your account you get your unique Configuration ID that you can just copy from your NextDNS dashboard into the custom Firefox DoH field.


The public addresses don't have any filtering, so it's not really a good alternative to Quad9 in this case.
 
A little addition: it means that the DNS traffic isn't secured by HTTPS, but all other settings (incl. filterlists) just work as usual.
Maybe I got you wrong, but the public DNS servers don't offer any filtering as they aren't linked to a specific config. If you choose the "NextDNS" option in Firefox you get the NextDNS without filtering (public DNS servers) but with DoH. If you choose to create an account you get your own unique Configuration ID that you have to use every time you set up NextDNS on a new device, so that your previously chosen blocklists and filter settings from your dashboard are also applied to the new device. You can either choose DoH, DoT / DoQ or no encryption at all.
 
If you choose to create an account you get your own unique Configuration ID that you have to use every time you set up NextDNS on a new device, so that your previously chosen blocklists and filter settings from your dashboard are also applied to the new device. You can either choose DoH, DoT / DoQ or no encryption at all.
Now I understand what you mean. This quote shows what I meant.
 
You can set it up on the main page of your dashboard.


Sorry to harp on this, but I am curious. After signing up at no-ip, I assume you put that domain in your VPN client as an alternate DNS. Is that right? If that's the case I can't do it this way, because Mullvad only supports IPv4 custom DNS addresses. I wonder if the same method can be done using Win11 DoH.
 
Sorry to harp on this, but I am curious. After signing up at no-ip, I assume you put that domain in your VPN client as an alternate DNS. Is that right? If that's the case I can't do it this way, because Mullvad only supports IPv4 custom DNS addresses. I wonder if the same method can be done using Win11 DoH.
I am not using DDNS so I am not really sure. As far as I know @Shadowra set up his VPN on router level. Routers normally have a DDNS tab on their configuration page where you can set it up.
 
I've found a solution that works for Windows 11 DoH. There was a PowerShell script that does everything for you, after you alter the settings to adjust to you (ID, device name, and adapter name). It works, based on NextDNS analytics.

```powershell
#requires -RunAsAdministrator

$id = Read-Host "NextDNS ID"
$device = Read-Host "Device Name (Leave empty if anonymous)"
# Per-configuration DoH endpoint: https://dns.nextdns.io/<ID>/<device name>
$template = "https://dns.nextdns.io/" + $id + "/" + $device

# IPv6 resolver addresses built from the ID (first 2 characters, then the next 4)
$ipv6a = "2a07:a8c0::" + $id.Substring(0,2) + ":" + $id.Substring(2,4)
$ipv6b = "2a07:a8c1::" + $id.Substring(0,2) + ":" + $id.Substring(2,4)

Write-Host "Adding DOH servers..." -ForegroundColor Green
# Drop any earlier registration for these addresses, then register each one with the template.
# -AllowFallbackToUdp $False: never fall back to plain DNS when DoH fails.
Remove-DnsClientDohServerAddress -ServerAddress 45.90.30.129, 45.90.28.129, $ipv6a, $ipv6b -ErrorAction Ignore | Out-Null
Add-DnsClientDohServerAddress -ServerAddress 45.90.28.129 -DohTemplate $template -AllowFallbackToUdp $False -AutoUpgrade $True
Add-DnsClientDohServerAddress -ServerAddress 45.90.30.129 -DohTemplate $template -AllowFallbackToUdp $False -AutoUpgrade $True
Add-DnsClientDohServerAddress -ServerAddress $ipv6a -DohTemplate $template -AllowFallbackToUdp $False -AutoUpgrade $True
Add-DnsClientDohServerAddress -ServerAddress $ipv6b -DohTemplate $template -AllowFallbackToUdp $False -AutoUpgrade $True

Write-Host "Redirect DNS to DOH..." -ForegroundColor Green
# Point every adapter whose alias matches the pattern (edit it to your adapter name) at the four resolvers
Get-NetIPConfiguration | Where-Object InterfaceAlias -match "^Mine|^Ethernet" | ForEach-Object { ($_).InterfaceIndex } | ForEach-Object { Set-DnsClientServerAddress -InterfaceIndex $_ -ServerAddresses 45.90.28.129, 45.90.30.129, $ipv6a, $ipv6b }
```
Now I have system-wide nextdns without the need for DDNS or YogaDNS. I hope that helps anyone with the same issue.
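
Added example (not part of the post above, and not NextDNS's own code): a read-only audit to run after the script, confirming that each of the four resolver addresses is registered with the per-configuration template and with UDP fallback off, and flagging any other resolver left on the adapter. The parameter names, the `ConvertTo-Canonical` helper and the 6-hex-character ID check are assumptions; the last is inferred from the script's `Substring` calls.

```powershell
param(
    [Parameter(Mandatory)][string]$Id,        # NextDNS Configuration ID (assumed 6 hex characters)
    [string]$AdapterPattern = '^Ethernet'     # same kind of -match pattern the script uses
)

# The script's Substring(0,2)/Substring(2,4) only yield valid IPv6 groups for a 6-character hex ID
if ($Id -notmatch '^[0-9a-fA-F]{6}$') {
    throw "ID '$Id' is not 6 hex characters; the derived IPv6 addresses would be wrong."
}

function ConvertTo-Canonical([string]$Address) {
    # Windows may store an address in a different textual form (leading zeros dropped),
    # so compare canonical forms rather than raw strings
    [System.Net.IPAddress]::Parse($Address).IPAddressToString
}

# The same four addresses the script registers
$suffix   = '{0}:{1}' -f $Id.Substring(0,2), $Id.Substring(2,4)
$expected = @('45.90.28.129', '45.90.30.129', "2a07:a8c0::$suffix", "2a07:a8c1::$suffix") |
    ForEach-Object { ConvertTo-Canonical $_ }

# 1. Is every address registered with the expected template and no plain-DNS fallback?
$registered = Get-DnsClientDohServerAddress
$report = foreach ($ip in $expected) {
    $entry = $registered |
        Where-Object { (ConvertTo-Canonical $_.ServerAddress) -eq $ip } |
        Select-Object -First 1
    [pscustomobject]@{
        Server        = $ip
        Registered    = [bool]$entry
        TemplateOk    = [bool]($entry.DohTemplate -like "https://dns.nextdns.io/$Id*")
        NoUdpFallback = ([bool]$entry -and -not $entry.AllowFallbackToUdp)
    }
}
$report | Format-Table -AutoSize

# 2. Any other resolver on the matching adapters is outside this DoH setup
Get-DnsClientServerAddress |
    Where-Object { $_.InterfaceAlias -match $AdapterPattern } |
    ForEach-Object {
        foreach ($server in $_.ServerAddresses) {
            if ((ConvertTo-Canonical $server) -notin $expected) {
                Write-Warning "$($_.InterfaceAlias): $server is not one of the NextDNS DoH servers"
            }
        }
    }
```

A row with `Registered` or `NoUdpFallback` set to `False` means queries to that address can still leave the machine as plain DNS.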
 
I've found a solution that works for Windows 11 DoH. There was a PowerShell script that does everything for you, after you alter the settings to adjust to you (ID, device name, and adapter name). It works, based on NextDNS analytics.


Now I have system-wide nextdns without the need for DDNS or YogaDNS. I hope that helps anyone with the same issue.

If you would have used No-ip's DUC software, you would have done it yourself :) (I just did it to my mother, her box has a dynamic IP)

DUC needs a check every 5min and update NextDNS, since you have to point the domain in your configuration 😉
 
Except that wasn't possible for me. My VPN only allows for ipv4 dns address and there are no settings on my router for that. Also Windows 11 didn't like domains, and only accepted ipv4 addresses as well so no-ip was out of the question for me on a system-wide-level. So, I'll just have to link the IPs. After a few days it'll be a non-issue.
 