Advice Request: Your NextDNS settings


ForgottenSeer 85179

Thread author
What are your NextDNS settings, and why did you use them instead of the defaults?

Mine are:
- under Security I enabled everything, plus block Top 10 Most Abused TLDs + ".club"
Reason: I like enhanced security, and the .club domain is used by some streaming sites

- under Privacy I use the NextDNS Recommended Ads & Trackers Blocklist, AdGuard DNS filter and UncheckyAds, and only have "Block Disguised Third-Party Trackers" enabled
Reason: While the default list is good, I also like the AdGuard list. The Unchecky list is small and maybe useful for some users in my network

- under Parental Control I block "Piracy" and "Gambling" and only have "Block Bypass Methods" enabled
Reason: This is the default config every device in my network uses (as I configure this encrypted DNS at router level), so I don't want to restrict too much

- under Denylist I added "*.ampproject.org", "*.ampproject.net" and "*.amp.cloudflare.com", which block Google AMP crap

- under Allowlist I added "*.microsoft.com" as I use Windows, so it doesn't make sense to restrict any of its domains

- under Settings I enabled "Enable Logs", "Log domains", "Anonymized EDNS Client Subnet" and "Cache Boost", disabled "Log client IP", "handshake" and "enable block page", and also changed the storage location to "EU" and "log retention" to 1 month
Reason: best privacy

Now you!
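
As an added illustration of how the pieces of a profile like the one above interact (the allowlist and denylist wildcards, the blocked-TLD set and hosts-format blocklists), here is a small offline model written for this thread. It is not NextDNS's own resolver logic: the precedence order (allowlist over denylist over TLD block over blocklists), the rule that an entry also covers its subdomains, and the hosts excerpt are assumptions made for the demo and should be checked against the NextDNS documentation.

```python
"""
Offline model of how a DNS-filtering profile like the one in this thread
decides a query: allowlist and denylist wildcards, a blocked-TLD set and
hosts-format blocklists.  Example code written for this thread, not
NextDNS's own resolver logic.  The precedence (allowlist > denylist >
TLD block > blocklists) and the "entry matches its subdomains" rule are
assumptions made for the demo; check them against the NextDNS docs.
"""
from typing import Iterable, Set, Tuple

# Constructed excerpt in the hosts-file format used by the lists the
# thread links (StevenBlack, ad-wars, yhosts, tiuxo).  Not taken from
# any real list.
SAMPLE_HOSTS = """\
# Ad/tracker hosts (constructed sample)
127.0.0.1 localhost
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org   # trailing comment
0.0.0.0 telemetry.microsoft.com
"""

# Names that appear in every hosts file but are not blocklist entries.
_LOCAL_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost",
                "ip6-localhost", "ip6-loopback", "0.0.0.0"}


def parse_hosts(text: str) -> Set[str]:
    """Return the set of hostnames a hosts-format blocklist sinkholes."""
    blocked: Set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        parts = line.split()
        if len(parts) < 2 or parts[0] not in ("0.0.0.0", "127.0.0.1", "::", "::1"):
            continue                             # not a sinkhole line
        for name in parts[1:]:
            name = name.lower().rstrip(".")
            if name not in _LOCAL_NAMES:
                blocked.add(name)
    return blocked


def _matches(name: str, pattern: str) -> bool:
    """'*.x' (or bare 'x') matches x itself and every subdomain of x."""
    base = pattern.lower().lstrip("*.").rstrip(".")
    return name == base or name.endswith("." + base)


class Profile:
    def __init__(self, blocklists: Iterable[str], denylist: Iterable[str],
                 allowlist: Iterable[str], blocked_tlds: Iterable[str]) -> None:
        self.blocked: Set[str] = set()
        for text in blocklists:
            self.blocked |= parse_hosts(text)
        self.denylist = list(denylist)
        self.allowlist = list(allowlist)
        self.blocked_tlds = {t.lower().lstrip(".") for t in blocked_tlds}

    def decide(self, qname: str) -> Tuple[str, str]:
        """Return ('allow'|'block', reason) for a query name."""
        name = qname.lower().rstrip(".")
        for p in self.allowlist:                 # allowlist wins outright
            if _matches(name, p):
                return "allow", f"allowlist {p}"
        for p in self.denylist:
            if _matches(name, p):
                return "block", f"denylist {p}"
        tld = name.rsplit(".", 1)[-1]
        if tld in self.blocked_tlds:
            return "block", f"blocked TLD .{tld}"
        labels = name.split(".")
        for i in range(len(labels) - 1):         # entry or any parent of it
            cand = ".".join(labels[i:])
            if cand in self.blocked:
                return "block", f"blocklist entry {cand}"
        return "allow", "no rule matched"


def op_profile() -> Profile:
    """Profile shaped like the thread author's settings (TLD set shortened)."""
    return Profile(
        blocklists=[SAMPLE_HOSTS],
        denylist=["*.ampproject.org", "*.ampproject.net", "*.amp.cloudflare.com"],
        allowlist=["*.microsoft.com"],
        blocked_tlds=[".club"],   # the "Top 10 Most Abused TLDs" are omitted here
    )


if __name__ == "__main__":
    prof = op_profile()
    for q in ("telemetry.microsoft.com", "cdn.ampproject.org",
              "watch.movies.club", "sub.tracker.example.org", "example.com"):
        print(f"{q:28} -> {prof.decide(q)}")
```

The telemetry.microsoft.com case is the one worth noticing: a broad allowlist entry such as "*.microsoft.com" silences every blocklist hit under that domain, which is the trade-off of allowlisting a whole vendor rather than the specific names that break.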
 

brambedkar59
I have added the AdGuard DNS filter along with the default one. Block Disguised Third-Party Trackers and Block Bypass Methods are also enabled.
I can't seem to figure out why there is a DNS leak on the system (even though NextDNS seems to be working fine; tested by enabling parental control). Is there any option to enable DNS over HTTPS/TLS to prevent this?
 
ForgottenSeer 85179
I have added the AdGuard DNS filter along with the default one. Block Disguised Third-Party Trackers and Block Bypass Methods are also enabled.
I can't seem to figure out why there is a DNS leak on the system (even though NextDNS seems to be working fine; tested by enabling parental control). Is there any option to enable DNS over HTTPS/TLS to prevent this?
What DNS settings did you use, and where?
I don't have any leaks here.
NextDNS provides all types of DNS.
 

brambedkar59

[Attachments: two screenshots, Annotation 2020-07-19 170623.JPG and Annotation 2020-07-19 170655.JPG]
brambedkar59
Is that the NextDNS Windows tool on your second screen?
Yes

What did you have configured in Windows itself?
Nothing. Blank

I should have mentioned earlier that my ISP likes to hijack DNS requests unless they are encrypted. That's why I can only use DoH/DoT and other encrypted DNS protocols.
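
Since the thread turns on the difference between plain DNS that an ISP can hijack and DoH that it cannot, here is an added wire-level example written for this thread (not part of the post above and not NextDNS's code). It builds a plain query for test.nextdns.io, shows the name any on-path device reads from it, wraps the identical bytes in the RFC 8484 GET form a DoH client would send to a NextDNS endpoint, and parses an A answer. Nothing is sent over the network: the responses are constructed locally, and the config ID "abcdef" in the endpoint URL is a placeholder, not a real profile.

```python
"""
Wire-level view of the point made in this thread: a plain DNS query on
UDP/53 exposes the name to anyone on the path (which is what lets an ISP
hijack it), while DoH carries the identical message inside HTTPS.
Added example for this thread, not NextDNS's code.  Nothing is sent:
the responses below are constructed locally, and the config ID "abcdef"
in the endpoint URL is a placeholder, not a real profile.
"""
import base64
import random
import struct
from typing import List, Optional, Tuple

NEXTDNS_DOH = "https://dns.nextdns.io/abcdef"   # placeholder config ID


def build_query(qname: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """RFC 1035 query: 12-byte header, QNAME labels, QTYPE, QCLASS=IN."""
    if txid is None:
        txid = random.getrandbits(16)            # random ID for UDP
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, QDCOUNT=1
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def _read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels: List[str] = []
    end = None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                    # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        if ln == 0:
            off += 1
            break
        labels.append(msg[off + 1:off + 1 + ln].decode("ascii"))
        off += 1 + ln
    return ".".join(labels), (end if end is not None else off)


def visible_qname(query: bytes) -> str:
    """The name a middlebox reads from an unencrypted query."""
    return _read_name(query, 12)[0]


def doh_get_url(query: bytes, endpoint: str = NEXTDNS_DOH) -> str:
    """RFC 8484 GET form: base64url of the same bytes, padding stripped."""
    return f"{endpoint}?dns={base64.urlsafe_b64encode(query).rstrip(b'=').decode()}"


def parse_a_records(msg: bytes) -> List[str]:
    """Extract IPv4 answers from a response message."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                          # skip the question section
        _, off = _read_name(msg, off)
        off += 4
    ips = []
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return ips


def make_response(query: bytes, ip: str, ttl: int = 60) -> bytes:
    """Constructed answer to `query` (what a resolver, or a hijacker, returns)."""
    question = query[12:]
    rdata = bytes(int(o) for o in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata  # ptr to QNAME
    return query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0) + question + answer


def answers_differ(plain: List[str], encrypted: List[str]) -> bool:
    """A plain-UDP answer that disagrees with the DoH answer is the hijack signature."""
    return set(plain) != set(encrypted)


if __name__ == "__main__":
    q = build_query("test.nextdns.io", txid=0)   # RFC 8484 suggests ID 0 for GET
    print("on the wire, anyone sees:", visible_qname(q))
    print("DoH GET:", doh_get_url(q))
    genuine = parse_a_records(make_response(q, "203.0.113.7"))    # constructed
    hijacked = parse_a_records(make_response(q, "198.51.100.1"))  # constructed
    print("hijacked?", answers_differ(hijacked, genuine))
```

To turn this into a real leak check, send build_query() over UDP/53 to a resolver and fetch doh_get_url() over HTTPS for the same name, then compare the two answer sets with answers_differ(); an ISP that rewrites port-53 traffic shows up as a mismatch, while a correctly configured DoH client never puts the query on port 53 at all.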
 

brambedkar59
Try adding NextDNS to the Windows DNS settings. They're currently not compatible with DoH or DoT (Windows will get that in the future), but just to check if that helps against leaks
Will try that.

You should not expose your NextDNS servers publicly. Anybody can hop on your DNS server IP and eat into your allotted 300K queries. Please remove the third image you have attached, it contains your unique NextDNS server address.
Are you sure about that? Providing separate DNS servers to each user seems like a lot of work on the part of NextDNS. I deleted that image though.
 

Jan Willy
under Privacy I use the NextDNS Recommended Ads & Trackers Blocklist, AdGuard DNS filter and UncheckyAds
AdGuard DNS filter and UncheckyAds are already integrated in the NextDNS Recommended Ads & Trackers Blocklist.
See nextdns/metadata
I don't use Parental Control or Google Safe Browsing.
Native Tracking Protection: only Windows (abusive tracking).
In the last 30 days, 5.34% of the queries were blocked.
 
ForgottenSeer 85179
AdGuard DNS filter and UncheckyAds are already integrated in the NextDNS Recommended Ads & Trackers Blocklist.
See nextdns/metadata
I don't use Parental Control or Google Safe Browsing.
Native Tracking Protection: only Windows (abusive tracking).
In the last 30 days, 5.34% of the queries were blocked.
Nope. Those are just all the lists they provide.
By default these privacy lists are used:
- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
- https://raw.githubusercontent.com/jdlingyu/ad-wars/master/hosts
- https://raw.githubusercontent.com/VeleSila/yhosts/master/hosts
- https://raw.githubusercontent.com/tiuxo/hosts/master/ads

See nextdns/metadata

Still getting DNS leak :(
I think I will uninstall the NextDNS app and try out NextDNS through YogaDNS.
First try without any app. Just change the Windows settings.
 

Brahman
Will try that.

Are you sure about that? Providing separate DNS servers to each user seems like a lot of work on the part of NextDNS. I deleted that image though.
Yes, because of two reasons:
1. They offer only 300k queries for free per month; anything over that you need to pay $2, or the filtering service (not the DNS service) will stop. So they need to identify you to log the number of queries.
2. There is a query counter (click on the down arrow on your user name) as shown below; the query counting will not stop even if you use the IPv4 DNS address in the router or Windows DNS settings, which simply means the DNS server address is pretty unique.
[Attachment: Untitled-1.jpg]
 

brambedkar59
That doesn't work because of my scummy ISP. Any unencrypted DNS will be hijacked by them.
This is their excuse to do this.
 

Brahman
You can switch DNS servers on the fly in YogaDNS, or use a separate DNS server for some specific addresses. It is so versatile. You just need to go to Configuration > First start wizard and add each DNS server one by one. Then, to change DNS servers on the fly, go to Configuration > Rules, click the "DNS server" drop-down and select your preferred DNS server from the list.
[Attachment: Untitled-1.jpg]
 

brambedkar59
You can switch DNS servers on the fly in YogaDNS, or use a separate DNS server for some specific addresses. It is so versatile. You just need to go to Configuration > First start wizard and add each DNS server one by one. Then, to change DNS servers on the fly, go to Configuration > Rules, click the "DNS server" drop-down and select your preferred DNS server from the list.
[Attachment: screenshot]
Yeah, I know. I was already using it, just not with NextDNS. It seems like AdGuard DNS but with better privacy and very low latency (I get over 160 ms with AdGuard DNS).
 
