NextDNS Installer


laracroftonline

Regular Contributor
Just started using NextDNS and must say I'm impressed.
 

gattaca

Senior Member
So it was a bug that was corrected on website, because my ipv4 linked ip servers definitely changed from 45.90.28.0 and 45.90.30.0 to 45.90.28.60 and 45.90.30.60
My addresses changed from *.*.*.0 for MONTHS which was linked to my ASUS Router. Last Monday they changed to *.*.*.114 and broke everything that morning. In fact, I've not put the new addresses into the ASUS Router yet as I've been waiting for an official answer.
Which now, per earlier replies, counters the prior setup. My NextDNS setup has been linked directly to my ASUS Router since we started this thread.
So what's up.. something get flipped?
Sounds like my ASUS Router + NextDNS should have never been -> *.*.*.0?
What if I have DNS-over-TLS enabled in the router?
Peace and Stay Safe!

SNB-ASUS-NextDNS01-20200524.jpg
 

Smokey613

Senior Member
I have decided to switch back to Unbound and Diversion. NextDNS works great and I really like their user interface, logging and ease of customization. IMHO they have the best solution in the market segment right now. I just decided I want to keep outbound traffic from my network to as little as possible since it is limited and more “in house” control of my network traffic.
 

L&LD

Part of the Furniture
@Smokey613, so you bought NextDNS and now you stopped using it? I thought you loved it?
 

Smokey613

Senior Member
L&LD said:
@Smokey613, so you bought NextDNS and now you stopped using it? I thought you loved it?

It works very well, and my reason for not using it on my router is a personal preference. I still use their app on our phones when away from my network. I can highly recommend their service if one wants to use an off-network DNS filtering service.
 

gattaca

Senior Member
Per an earlier request, after having tested NextDNS for months as part of the beta, with a manual config setup, I enabled the NextDNS client via the install. What pushed me was my NextDNS addresses changing about a week or so ago on their own (posted earlier).

I also configured the WAN page per cap below. These WAN page settings (and my comments) are what I think the community has concluded over the past 6+ months from many testers using NextDNS with Merlin+amtm's many great features! Please let me know if I'm wrong on the settings or the reasons and I'll update my setup and post a new screen cap.

My main settings and ? are:

1) Should the DNS1, 2 on this page be your NextDNS values or some other provider like QUAD9 or Cloudflare or Google?

2) For Enable Rebind, Enable DNSSEC, and Validate unsigned, I'm pretty sure I've read two cases and separate recommendations:
  1. When using NextDNS disable ALL 3, b/c it interferes with NextDNS or if you MANUALLY configured your router for NextDNS and do not use the client, then you should disable these for sure.
  2. Keep all 3 ENABLED, b/c NextDNS client will disable them when it starts. You want to do this in case something happens to NextDNS and you have to fall back. Though I'm unsure what you would fall back to automatically or how to set that up. I assume you would want to know somehow, like maybe an alert from NextDNS saying no queries from you in N-time. Or when you needed to remove NextDNS and restore another DNS and having to remember to reset all these... is really what's being said.
Have a great Memorial Day! Stay Safe!

SNB-ASUS-NextDNS01-20200525.jpg
 

XIII

Very Senior Member
Trend Micro engine calls to rgom10-en.url.trendmicro.com are listed using my (router's) external IP in NextDNS.

How can I make it display a meaningful name? (Like "router" or "AC86U"?)
 

routerbattles

Occasional Visitor
Hi and thanks for the NextDNS service - I really like the service and would like to integrate it into my asus router but I have a few questions @Olivier Poitrey or @anyone else who may be able to help.

My current setup - diversion, skynet and unbound to block as much as possible and be as private (relatively) as possible.

What I think I want to achieve is as follows - I have three nextdns profiles - one for normal devices, one for kids and one for smart TVs.


I was previously using dnsfilter with custom dns providers to achieve some differentiation between these and using different dns for each.

Having attempted the same putting in standard ip4 address of each profile for nextdns none of these devices seem to be connecting apart from my pc which I have linked the service to on the setup page.

What does the script achieve that attempting to manually configure does not - is manual config even possible with more than one nextdns profile as I'm struggling?

How come there are no screenshots of what this script achieves - github and here point to each other for more info and I'm struggling to understand what the script does?

Would also like to see the answers to gattaca above.

I'll definitely be interested to see rmerlin's integration into AMTM hopefully.

Thanks :)
 

dave14305

Part of the Furniture
routerbattles said:
What does the script achieve that attempting to manually configure does not - is manual config even possible with more than one nextdns profile as I'm struggling?

The “script” installs a DNS service (application) on the router to connect to NextDNS over DoH. It has conditional configuration which allows you to send different clients to different profiles. I think it’s the only way to handle multiple NextDNS profiles behind one router WAN IP.
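
The conditional configuration described in the answer above, as an added example that is not part of the original posts or of the NextDNS project's code: a POSIX shell helper that turns a device table into `-config <condition>=<profile>` arguments, the form documented on the Conditional Configuration wiki page linked later in the thread. The profile IDs, MAC addresses, subnet, group names and function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: build the -config arguments for the NextDNS CLI from a device table.
# Profile IDs below are constructed placeholders; use the IDs of your own profiles.
PROFILE_DEFAULT="aaaaaa"   # normal devices
PROFILE_KIDS="bbbbbb"
PROFILE_TV="cccccc"

# Constructed device table: "<MAC or CIDR subnet> <group>" per line.
DEVICES='
00:11:22:33:44:55 kids
66:77:88:99:aa:bb tv
192.168.1.128/27 tv
'

# Map a group name to its profile ID; unknown groups are an error.
profile_for() {
    case "$1" in
        kids) echo "$PROFILE_KIDS" ;;
        tv)   echo "$PROFILE_TV" ;;
        *)    return 1 ;;
    esac
}

# Accept only a colon-separated MAC address or an IPv4 CIDR subnet.
valid_match() {
    echo "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' && return 0
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Emit one conditional -config per device, then the unconditional default last.
build_config_args() {
    args=""
    while read -r match group; do
        [ -z "$match" ] && continue
        valid_match "$match" || { echo "bad match: $match" >&2; return 1; }
        id=$(profile_for "$group") || { echo "unknown group: $group" >&2; return 1; }
        args="$args -config $match=$id"
    done <<EOF
$1
EOF
    args="$args -config $PROFILE_DEFAULT"
    echo "${args# }"
}

# Print the command for review instead of running it on the router.
echo "nextdns config set $(build_config_args "$DEVICES")"
```

Rejecting malformed entries and unknown groups before anything reaches the router keeps a typo from silently sending a kids' device to the default profile.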
 

SomeWhereOverTheRainBow

Very Senior Member
routerbattles said:
Hi and thanks for the NextDNS service - I really like the service and would like to integrate it into my asus router but I have a few questions @Olivier Poitrey or @anyone else who may be able to help.

My current setup - diversion, skynet and unbound to block as much as possible and be as private (relatively) as possible.

What I think I want to achieve is as follows - I have three nextdns profiles - one for normal devices, one for kids and one for smart TVs.

I was previously using dnsfilter with custom dns providers to achieve some differentiation between these and using different dns for each.

Having attempted the same putting in standard ip4 address of each profile for nextdns none of these devices seem to be connecting apart from my pc which I have linked the service to on the setup page.

What does the script achieve that attempting to manually configure does not - is manual config even possible with more than one nextdns profile as I'm struggling?

How come there are no screenshots of what this script achieves - github and here point to each other for more info and I'm struggling to understand what the script does?

Would also like to see the answers to gattaca above.

I'll definitely be interested to see rmerlin's integration into AMTM hopefully.

Thanks :)

Let it also be noted if you install nextdns on the router, it becomes your "only" dns solution unless you decide to uninstall it.
 

maghuro

Very Senior Member
Does anyone know how to make one of my devices completely bypass the NextDNS app on the router?
I mean, I have the app installed and I want all my devices to use it, except one that I want to use the DNS given in WAN.
 

gattaca

Senior Member
^^^ Yes. I use that option for the Nest Cameras which for some reason did not want to play nice. After I listed them there and sent them directly to QUAD9, no more issues. IDK if that was NextDNS or one of my profiles and I've been too swamped to dig into it.

Yes, I'd love to see answers to my screen shot of exactly what people are using - especially the DNS1/DNS2 settings RMerlin talked about must not be blank. I used the NextDNS entries but I also think using QUAD9 or Cloudflare or something else would be viable for startup. Thanks!
 

gattaca

Senior Member
"What does the script achieve that attempting to manually configure does not - is manual config even possible with more than one nextdns profile as I'm struggling?"

I saw it explained somewhere but in summary, it changes 2 or 3 files on the router and stops certain services which may interfere with the DNS service...like mentioned in my screen cap.

The files I think are the same ones I manually modified before using the agent:
1) stubby.postconf.fornextdns-20200107
2) dnsmasq.postconf.fornextdns-20200107
3) maybe stubby.yml (unsure).
 

asmopul

Occasional Visitor
Gattaca said:
  1. When using NextDNS disable ALL 3, b/c it interferes with NextDNS or if you MANUALLY configured your router for NextDNS and do not use the client, then you should disable these for sure.
  2. Keep all 3 ENABLED, b/c NextDNS client will disable them when it starts. You want to do this in case something happens to NextDNS and you have to fall back. Though I'm unsure what you would fall back to automatically or how to set that up. I assume you would want to know somehow, like maybe an alert from NextDNS saying no queries from you in N-time. Or when you needed to remove NextDNS and restore another DNS and having to remember to reset all these... is really what's being said.
Have a great Memorial Day! Stay Safe!

I need to keep all 3 plus DoT disabled, otherwise Alexa and the smart switches don't work.
I'm using NextDNS CLI.
 

gattaca

Senior Member
^^^ Interesting. TY for confirming I'm not the only one having to bypass NextDNS for bad-behaving IoT devices. You may want to consider XIII's question above and make those IoT devices bypass the NextDNS setup and use another DNS service like GoogleDNS, Quad9 or Cloudflare by using the router's DNSFilter function. Each device has to be listed. That's what I finally implemented months ago and it's been working fine since. I do not know if devices listed in the router's DNSFilter bypass everything with a simple "in-the-clear" DNS request to the targets. In other words, "Rebind, DNSSEC, and Validate unsigned and other things" are essentially disabled. RMerlin may be able to answer that from the router's code.

Gotta love these totally insecure IoT devices. I had to use DNSFilter to bypass NextDNS for some of my IoT clouded cameras. IDK if there is a limit to the # of IoT devices that can be listed - perhaps in some "DNSFilter" file. Most certainly in the GUI, there will be some limit like with other features. Nice questions! TY.
 

routerbattles

Occasional Visitor
Thanks for answering my questions above.

Some other thoughts and minor frustrations:

Firstly an update on my setup: I have diversion and skynet and unbound and wish to use different nextdns profiles for different devices.

I found I rather obviously needed to disable unbound and then once I had installed the script I could get my devices to connect through NextDNS. However the only devices connecting were the ones set to router in dnsfilter - which makes sense as the router now points to nextdns. I then looked to see if the devices I had set up to use the other nextdns profiles were working and no they weren't unfortunately which kind of makes sense.

I will have to be selective around which devices go where but I now understand what is going where after installing the script.

I guess I now need to engage brain and use the following: https://github.com/nextdns/nextdns/wiki/Conditional-Configuration to set up individual clients to devices - I will have to bind all their IPs I believe to make them static?

So is diversion at this point still working with its filtering on any devices set to router or is it out of action and can be disabled?
 
