Advice Request NextDNS thoughts and experiences?

Please provide comments and solutions that are helpful to the author of this topic.

Overkill

Overkill

Level 31
Verified
Honorary Member
Feb 15, 2012
2,128
How many blocklists do you all use, and how many queries all together? My weather/news apps only work if I'm using AdGuard DNS by itself, if I add any other blocklists then my videos won't play and I cannot figure out what is being blocked. When I had AdGuard on my phone, I had to whitelist imasdk.googleapis.com but it's not being blocked :unsure:
 
  • Like
Reactions: Nevi and Protomartyr
F

ForgottenSeer 85179

Overkill said:
How many blocklists do you all use, and how many queries all together? My weather/news apps only work if I'm using AdGuard DNS by itself, if I add any other blocklists then my videos won't play and I cannot figure out what is being blocked. When I had AdGuard on my phone, I had to whitelist imasdk.googleapis.com but it's not being blocked :unsure:
Click to expand...
Sounds like you use a <overkill> number of lists.
I use only the default one from NextDNS with my settings from e.g. Thread 'NextDNS: a DoH/ DoT guide' (malwaretips.com)
 
  • Like
  • +Reputation
Reactions: Nevi, Gandalf_The_Grey, Protomartyr and 2 others
Jan Willy

Jan Willy

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 5, 2019
607
Overkill said:
How many blocklists do you all use, and how many queries all together? My weather/news apps only work if I'm using AdGuard DNS by itself, if I add any other blocklists then my videos won't play and I cannot figure out what is being blocked. When I had AdGuard on my phone, I had to whitelist imasdk.googleapis.com but it's not being blocked :unsure:
Click to expand...
In NextDNS I only used Steven Blacks filter list. This setting didn't give any problem on my laptop. But on my Android phone videos in news apps didn't play. This was caused by Steven Blacks filter list. And indeed what you already figured out, whith Adguard filter list everything is o.k. Notice that Steven Blacks filter is integrated in the default NextDNS filter list. I have about 100,000 queries a month.
 
  • Like
Reactions: Nevi, Gandalf_The_Grey, Protomartyr and 3 others
Overkill

Overkill

Level 31
Verified
Honorary Member
Feb 15, 2012
2,128
I have tried all kinds of combo's both overkill, minimal and everything in between, but currently all I have is AdGuard DNS filter list and my news/weather app videos play fine. I just wanted to know how to troubleshoot incase I needed to allow something. it was pretty easy in the AdGuard app.
 
  • Like
  • Applause
Reactions: Nevi, Protomartyr, oldschool and 1 other person
F

ForgottenSeer 85179

Overkill said:
I have tried all kinds of combo's both overkill, minimal and everything in between, but currently all I have is AdGuard DNS filter list and my news/weather app videos play fine. I just wanted to know how to troubleshoot incase I needed to allow something. it was pretty easy in the AdGuard app.
Click to expand...
In NextDNS online account you have a overview with all blocked and allowed domains :)
you can even filter it with search.
 
  • Like
Reactions: Nevi, Overkill, Protomartyr and 1 other person
Overkill

Overkill

Level 31
Verified
Honorary Member
Feb 15, 2012
2,128
My current configuration...

Screenshot_20201207-161600_Chrome.jpg2020-12-07_155609.png2020-12-07_155659.png2020-12-07_155743.png2020-12-07_155838.png2020-12-07_155932.png2020-12-07_160017.png
 
  • Like
Reactions: Venustus, Nevi, Protomartyr and 2 others
Jan Willy

Jan Willy

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 5, 2019
607
Overkill said:
Yes. I have looked all through the blocked domains and can't find anything related to the app videos that should/could be allowed.
Click to expand...
Now I had some time to find out who's to blaim for blocking videos in news apps etc. on Android. Your and my first solution was the easiest way: changing the filter list. It was evident that Steven Blacks filter list and the default NextDNS filter list caused the problem. My conclusion is that it depends on a rule that blocks www.googletagservices.com. If you whitelist this domain, the problem is solved.
Edit: this solution worked only for a short time. After a restart of my phone the problem was back. So for now the best thing is to choose another filter list.
 
Last edited:
  • Like
  • +Reputation
Reactions: Venustus, oldschool, Protomartyr and 3 others
valvaris

valvaris

Level 6
Verified
Well-known
Jul 26, 2015
263
Trismer said:
Does anyone know if it's even possible to force the browser to use Nextdns at the same time as the VPN extension? I tried with Windscribe it seemed to work for some time, but it was constantly disconnected, and now it stably connects its DNS when activated. It didn't work out with ZenMate either.

I use this settings:
user_pref("network.trr.mode", 3);
user_pref("network.trr.uri", "https://dns.nextdns.io/my_id");
user_pref("network.trr.custom_uri", "https://dns.nextdns.io/my_id");
user_pref("network.trr.bootstrapAddress, "1.1.1.1")
user_pref("network.proxy.socks_remote_dns", true);

Seems that it work with
user_pref("network.trr.wait-for-A-and-AAAA", true);
but i don't know why :) I will continue to experiment, I am glad that in Firefox such fine settings are in principle possible.
Click to expand...
Hello @Trismer

I am not sure but it seems that Line 4 "bootstrapAddress" still refers to Cloudflare. The other thing is how VPN Protocol will handle your IP routing.

For Example in OpenVPN you can force in the config to Route DNS Traffic to specific servers! The other part is how the Provider handles DNS Requests.

Another Example known VPN Client connects to Provider Network and the Appliance or Server has specific rules on how DNS will be handled.

Like: If Source Port is 53 UDP send to Destination IP on Port 53 UDP - Some even try to MiM the 53 TCP requests for DoH.

Your best bet is to go DoT from start to finish since the encapsulation has to start from the requester to recursively obtain the destination address. Since NextDNS Suppports DoT very well you could do a easy implementation and go full IPv6 from the Client but it could break other things in the Home-Network. Still the safest way to have a Direct Connection to NextDNS since IPv6 is a Point to Point Protocol. So even if you have a VPN connected and it allows for IPv6 to go thru you will always have a direct Link to NextDNS from the Client to the Server. If the VPN Provider prevent you from using IPv6 or forces a DNS server then there could be another reason behind it since some of those providers use Proxy Chain Servers to bypass Netflix - Funimation and so on checks.

If you are in need for more Explanation I am here to help do not hesitate to ask.

Sincerely
Val.
 
Last edited:
  • Like
Reactions: Venustus, oldschool, Nevi and 4 others
F

ForgottenSeer 78429

Trismer said:
39,524 - requests in 2 days. I don't know how 300,000 can be enough for people. Or do my devices spam requests to the DNS server without control? But it looks like I'll have to buy a subscription, since I'm hooked on this thing. =(
Click to expand...
Are you talking about queries shown in Analytics section? You should check in the account setting page under the email id which shows actual queries you have used out of 300k.
 
  • Like
Reactions: Nevi, Protomartyr, oldschool and 2 others

Similar threads

X195
    • Like
Advice Request Help needed with DNS configuration
Replies
15
Views
1,075
AdGuard
Chuck57
Chuck57
Morro
    • Like
Advice Request I need some honest advice about which DNS server to pick in Portmaster Firewall.
Replies
2
Views
1,556
VPN and DNS
Bot
Bot
SerialCart
    • Like
    • +Reputation
Guide | How To How to get Mullvad VPN work with NextDNS with a custom profile
Replies
12
Views
2,712
Guides - Privacy & Security Tips
ForgottenSeer 107474
F

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top