Hello to all,

First things First:
>>><<<>>>DISCLAIMER-START<<<>>><<<
For all posted applications and lists:
1. I am not responsible for damaged hardware / software of any kind.
2. I do not own and am not affiliated with the company / developers linked here.
3. This is not a sponsored thread; I do this as a hobby.
4. Have fun and share your findings / experiences.

>>><<<>>>DISCLAIMER-END<<<>>><<<

I just wanted to document how to install the NextDNS CLI on a pfSense firewall box.

Why install?

For me it was a "peace of mind" thing: like most people I have a dynamic IP, and I want to see how each client behaves in the logs. (The client self-registers with the NextDNS API using the configuration ID.)

What does it do?

It installs the NextDNS CLI as a replacement for the Unbound DNS resolver: the CLI listens for plain DNS on the firewall, caches answers, and forwards queries to NextDNS over DNS over HTTPS.

How is the Setup?

Actually super easy. A paid NextDNS plan is only needed if you exceed 300,000 queries a month; below that the free tier is enough. At that point I was not sure how much I needed, so I bought a Pro account for my household (Private/Family).

Come on, get to the point!

OK, OK. First you need a NextDNS configuration ID (works with temporary accounts too, as long as you stay under 300,000 queries a month). Then have a look at the GitHub page -> nextdns/nextdns

Then open a shell on your pfSense box (SSH, then Option 8 "Shell" in the console menu) and run the install script:
Code:
sh -c 'sh -c "$(curl -sL https://nextdns.io/install)"'
Follow the prompts and enter the configuration ID provided by NextDNS.

1. Disable the "unbound" service (DNS Resolver) in the pfSense WebGUI.
2. Delete the DNS server entries under System -> General Setup.
-> 3. If you have special settings under Services -> DNS Resolver -> Custom Options, go through them [Caution: if you use pfBlockerNG, do not delete the first line of the config!]
-> 4. If you have pfBlockerNG installed, there is no need for its DNS filtering any more, since NextDNS can handle the workload. (pfBlockerNG's DNSBL works through Unbound anyway, so it stops filtering once Unbound is disabled.) [Just double-check the NextDNS logs to see that the filters are set up as you want them.]

After that we go back to the pfSense shell (SSH -> Option 8). There we set the cache size (the options are documented at nextdns/nextdns):
Code:
# you are already in a shell, so no sh -c wrapper is needed
nextdns config set -cache-size=10MB
nextdns restart
AND only if you see "NextDNS with a custom configuration ID is configured!", cap the TTL handed out to clients (the real TTL is still kept in the cache, so this only limits how long clients hold an answer):
Code:
nextdns config set -max-ttl=5s
nextdns restart
To clear out the cache, follow the explanation in nextdns/nextdns.

Then test your config with NextDNS...

What should it do?

The NextDNS logs should show the devices on your network that send DNS queries, and every request should show a lock symbol for DNS over HTTPS. I tested with DNS over TLS but had DNS leak issues.
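The checks described above (Unbound off, the NextDNS CLI on port 53, the cache and TTL settings, and queries actually leaving over DoH instead of leaking) as one verification script. This is an added example, not code from the original post or from the nextdns project. It assumes the `sockstat -4l` column layout, that `nextdns config` prints one `key value` pair per line, and that https://test.nextdns.io answers JSON containing status, protocol and profile keys; the sample outputs inside the script are constructed, and `abc123` is a placeholder configuration ID.

```sh
#!/bin/sh
# Post-install checks for the NextDNS CLI on pfSense. Added example, not code
# from the original post or the nextdns project. The check functions take the
# command output as a string, so they run offline against the constructed
# samples below; "--live" runs them against the real box.
#
# Assumptions (not confirmed by the post):
#   - `sockstat -4l` prints one listener per line:
#       USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
#   - `nextdns config` prints one "key value" pair per line
#   - https://test.nextdns.io returns JSON with "status", "protocol"
#     and "profile" keys

EXPECTED_ID="${NEXTDNS_ID:-abc123}"   # abc123 is a placeholder configuration ID

# Run a command and print its exit code instead of failing, so callers can
# read the code even under `set -e`.
status_of() { "$@" && echo 0 || echo $?; }

# Port 53 must belong to nextdns and Unbound must not be listening at all.
# Returns 0 = ok, 1 = nextdns not on port 53, 2 = unbound still listening.
check_listeners() {
    out="$1"
    printf '%s\n' "$out" | grep -q '^[^ ]*[ ]*unbound[ ]' && return 2
    printf '%s\n' "$out" | grep -q 'nextdns .*:53[[:space:]]' || return 1
    return 0
}

# A setting must appear in `nextdns config` exactly as "key value".
check_config() {
    printf '%s\n' "$1" | grep -qxF "$2 $3"
}

# The NextDNS test endpoint must report that the query arrived over DoH and
# for our configuration ID; anything else means queries bypass the CLI.
# Returns 0 = ok, 1 = status not ok, 2 = not DoH, 3 = wrong/unknown profile.
check_doh() {
    json="$1"
    printf '%s' "$json" | grep -q '"status":"ok"' || return 1
    printf '%s' "$json" | grep -q '"protocol":"DOH"' || return 2
    printf '%s' "$json" | grep -q "\"profile\":\"$EXPECTED_ID\"" || return 3
    return 0
}

# Print PASS/FAIL for one check, with the return code on failure.
report() {
    name="$1"; shift
    code="$(status_of "$@")"
    if [ "$code" = 0 ]; then echo "PASS $name"; else echo "FAIL $name (code $code)"; fi
}

# --- constructed sample outputs (not captured from a real box) ---
SAMPLE_GOOD='root  nextdns  1234 7 udp4  *:53    *:*
root  nextdns  1234 8 tcp4  *:53    *:*
root  sshd      555 4 tcp4  *:22    *:*'
SAMPLE_UNBOUND='root  unbound   777 5 udp4  *:53    *:*
root  nextdns  1234 7 udp4  *:5353  *:*'
SAMPLE_NO_DNS='root  sshd      555 4 tcp4  *:22    *:*'
SAMPLE_CONFIG='cache-size 10MB
config abc123
listen localhost:53
max-ttl 5s'
SAMPLE_JSON_OK='{"status":"ok","protocol":"DOH","profile":"abc123"}'
SAMPLE_JSON_LEAK='{"status":"ok","protocol":"UDP","profile":""}'

# Live mode: run on the firewall shell (Option 8) with NEXTDNS_ID exported.
if [ "${1:-}" = "--live" ]; then
    report listeners  check_listeners "$(sockstat -4l)"
    cfg="$(nextdns config)"
    report cache-size check_config "$cfg" cache-size 10MB
    report max-ttl    check_config "$cfg" max-ttl 5s
    report doh        check_doh "$(curl -s https://test.nextdns.io)"
fi
```

Run it as `NEXTDNS_ID=yourid sh verify.sh --live` in the pfSense shell. The listener check is ordered so that a forgotten Unbound is reported before anything else, because that is the step most likely to be skipped; the DoH check is the same thing the DNS leak test in the screenshots shows, just done from the firewall itself.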

Proof of working config (screenshots): pfSense dashboard (PFDash.jpg), DNS leak test (DNSLeak.jpg), speed test (Speed.jpg), NextDNS log (NextDNSLog.jpg)

If more detail is needed, just ask; I am happy to provide more info.

Only if you want to help me out when getting NextDNS, there is an affiliate link from me -> NextDNS <- Major thanks in advance! I'll test some more and post updates... ;)

Best regards
Val.
 