NextDNS thoughts and experiences?
<blockquote data-quote="valvaris" data-source="post: 919151" data-attributes="member: 38787"><p>Hello [USER=88726]@Trismer[/USER]</p><p></p>
<p>Yap the Bootstrap should still go to NextDNS not Cloudflare for the initial connection :)</p><p></p>
<p>Now to the tricky bit I admit with the extension bit that Browser Extensions use Proxy to forward traffic. Now to the more tricky bit - If you have Leak issues on Windows try this out plz -&gt; <a href="https://www.neowin.net/news/guide-prevent-dns-leakage-while-using-a-vpn-on-windows-10-and-windows-8" target="_blank">Guide: Prevent DNS leakage while using a VPN on Windows 10 (and Windows 8) - Neowin</a></p><p></p>
<p>This comes from an article at Checkpoint-Checkmates -&gt; <a href="https://community.checkpoint.com/t5/General-Topics/DNS-Security/td-p/38110" target="_blank">DNS Security - Check Point CheckMates</a> &lt;- I know it refers to Cloudflare but just to understand why leaking is bad. :D (For sure you already know)</p><p></p>
<p>Now to break down extensions - I do not know how Firefox Extensions function but if it is any similar to Chrome/Chromium you can look at the code inside.</p><p></p>
<p>As an example I use Edge Chromium:</p><p></p>
<p>What you need:</p>
<p>- Extension ID (Tip use Developer Mode)</p>
<p>- Export Extension to File</p><p></p>
<p>What you can do with it:</p>
<p>- View Code inside</p><p></p>
<p>I did that for the SandBlast Checkpoint extension to troubleshoot URL-Filtering and Cloud-connectivity - As for the Windscribe extension you can view if there is a setting that commits the changes every now and then.</p><p></p>
<p>For Windscribe the AppID on the ChromeStore is: hnmpcagpplmpfojmgmnngilcnanddlhb</p><p></p>
<p>Export it to file and then you can see what it does and how it does it. :)</p><p></p>
<p>In terms of logic - Proxy Settings overrule local settings</p>
<p>But there is a Proxy Bypass mode too...</p>
<p>I just know this from a System Local or Edge Chromium use case "not Firefox"! The reason is simple: I do not use it even in professional Administration. (Personal Preference)</p>
<p>-&gt; <a href="https://andykdocs.de/development/Windows/Proxy+Configuration+via+Command+Line" target="_blank">Setting a proxy for Windows using the command-line - AndyK Docs</a> &lt;- This works with the Legacy Internet Explorer / Windows Services / Edge Chromium --- Untested with Firefox</p><p></p>
<p>In terms of DNS over HTTPS it depends on who the requester is how the request is made - even an uplink server can make a DoH request for you. But still you are right if your Browser does a DoH request for a Domain to NextDNS this should be encrypted. (View Logs if so from your Client)</p><p></p>
<p>In my use case I use a DoH client at the Router level that listens at Port 53 and forwards those to NextDNS with the NextDNS DoH Client installed and my ID. So my clients only know of a local DNS server never the public one - plus a DNAT rule that forwards all rogue DNS queries that are not to my Router's IP - to that IP and presto everything has to go through. Of course I still need to block DoH/DoT services, there is a good list out there:</p><p></p>
<p>dns.google</p>
<p>dns.quad9.net, dns9.quad9.net, dns10.quad9.net, dns11.quad9.net</p>
<p>dns.cloudflare.com</p>
<p>doh.dns.sb</p>
<p>dns.nextdns.io</p>
<p>dns.cleanbrowsing.org</p>
<p>doh.securedns.eu</p><p></p>
<p>Source -&gt; <a href="https://support.sophos.com/support/s/article/KB-000039056?language=en_US" target="_blank">DNS over HTTPS (DoH) for web security (sophos.com)</a></p><p></p>
<p>But the principles still remain. :)</p><p></p>
<p>Best regards</p>
<p>Val.</p></blockquote><p></p>
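The router policy described in the post (local resolver only, DNAT for stray port-53 queries, DoH/DoT blocked by name) can be checked against flow records with a short audit script. This is an added example, not part of the original post; the router address, LAN subnet, flow record layout and sample flows are assumptions, and the hostname list is the one quoted above.

```python
import ipaddress
from collections import defaultdict

# DoH/DoT hostnames listed in the post above.
DOH_HOSTS = (
    "dns.google", "dns.quad9.net", "dns9.quad9.net", "dns10.quad9.net",
    "dns11.quad9.net", "dns.cloudflare.com", "doh.dns.sb", "dns.nextdns.io",
    "dns.cleanbrowsing.org", "doh.securedns.eu",
)
ROUTER_IP = "192.168.1.1"                      # assumed LAN resolver address
LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed client subnet

def is_doh_host(name):
    """True for a listed resolver name or any subdomain of one."""
    name = (name or "").lower().rstrip(".")
    return any(name == h or name.endswith("." + h) for h in DOH_HOSTS)

def classify(flow):
    """Verdict for one flow: dict with src, dst, dport and optional TLS sni."""
    if flow["src"] == ROUTER_IP:
        return "allow-router"   # the router's own DoH client must reach NextDNS
    if ipaddress.ip_address(flow["src"]) not in LAN:
        return "ignore"
    if flow["dport"] == 53:
        return "allow" if flow["dst"] == ROUTER_IP else "dnat-to-router"
    if flow["dport"] == 853:
        return "block-dot"
    # Name-based matching only: DoH to a bare IP without SNI is not seen here.
    if flow["dport"] == 443 and is_doh_host(flow.get("sni")):
        return "block-doh"
    return "allow"

def audit(flows):
    """Map each LAN client to the sorted bypass verdicts seen for it."""
    hits = defaultdict(set)
    for f in flows:
        verdict = classify(f)
        if verdict in ("dnat-to-router", "block-dot", "block-doh"):
            hits[f["src"]].add(verdict)
    return {src: sorted(v) for src, v in hits.items()}

# Constructed sample flows (documentation addresses, not real traffic).
SAMPLE = [
    {"src": "192.168.1.20", "dst": "192.168.1.1", "dport": 53},
    {"src": "192.168.1.21", "dst": "198.51.100.53", "dport": 53},
    {"src": "192.168.1.22", "dst": "203.0.113.5", "dport": 443, "sni": "dns.google"},
    {"src": "192.168.1.22", "dst": "203.0.113.6", "dport": 853},
    {"src": "192.168.1.1", "dst": "203.0.113.7", "dport": 443, "sni": "dns.nextdns.io"},
]
```

Because `dns.nextdns.io` is on the block list, the router itself has to be exempted, which is why `classify` checks the source address first.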
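For the "export the extension and view the code inside" step in the post, the review can be scripted once the export exists. This is an added example, not part of the original post; it assumes the export is a CRX3 package (a `Cr24` header followed by a ZIP archive), uses a constructed sample package rather than the Windscribe extension, and does not verify the package signature.

```python
import io
import json
import struct
import zipfile

# Manifest permissions that let an extension steer or observe network traffic.
NETWORK_PERMS = {"proxy", "privacy", "webRequest", "declarativeNetRequest"}

def crx_to_zip(data):
    """Skip the CRX3 header (magic, version, header length) and open the ZIP."""
    if len(data) < 12 or data[:4] != b"Cr24":
        raise ValueError("missing Cr24 magic: not a CRX package")
    version, header_len = struct.unpack_from("<II", data, 4)
    if version != 3 or 12 + header_len > len(data):
        raise ValueError("unsupported or truncated CRX header")
    return zipfile.ZipFile(io.BytesIO(data[12 + header_len:]))

def review(data):
    """Summarise what the packaged extension can do to proxy settings."""
    with crx_to_zip(data) as z:
        manifest = json.loads(z.read("manifest.json"))
        scripts = sorted(n for n in z.namelist() if n.endswith(".js"))
        proxy_files = [n for n in scripts if b"chrome.proxy" in z.read(n)]
    declared = set(manifest.get("permissions", []))
    return {
        "name": manifest.get("name"),
        "network_permissions": sorted(NETWORK_PERMS & declared),
        "files_touching_proxy_api": proxy_files,
    }

def build_sample_crx():
    """Constructed stand-in package; the header bytes are dummy and unsigned."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("manifest.json", json.dumps(
            {"name": "Sample VPN", "manifest_version": 3,
             "permissions": ["proxy", "storage"]}))
        z.writestr("background.js",
                   "chrome.proxy.settings.set({value: cfg, scope: 'regular'});")
        z.writestr("popup.js", "document.title = 'hi';")
    header = b"\x00" * 16
    return b"Cr24" + struct.pack("<II", 3, len(header)) + header + buf.getvalue()
```

Files listed under `files_touching_proxy_api` are the ones to read first when checking how and when the extension rewrites the browser's proxy configuration.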