What's new
By:

NextDNS: Thumbs up, Thumbs down?

Do you Like or Dislike NextDNS installed on the Router?

  • Total voters
    25
J

JT Strickland

Very Senior Member
Anyone have any comments regarding NextDNS on your own or others experience primarily installed at the Router level?
Does it present a lot of challenges with, or disable other scripts?
 
The CLI that NextDNS themselves offers was problematic in the past and would stop resolving for no good reason. For me anyway. But I haven't had a problem lately. In fact, it's rather rock solid in terms of stability now.

The only potential problem is when the WAN connection goes out for whatever reason, the CLI seems to use a considerable amount of memory and even takes a chunk of the swapfile on the USB drive. Maybe this is intentional though?

In any case, I'm happy with the speeds as well as the utility it offers. I haven't noticed any conflicts with other scripts, except maybe Diversion, which shouldn't be used with the CLI anyway.

I have an RT-AC86U with the latest Merlin firmware.
 
Oh. I forgot. I also had a problem a few weeks ago where DNS would fail completely, and NextDNS would say something in the log like too many requests at one time, or something similar. The issue is due to how NextDNS does TTL. It forces a super low (default 5 seconds) TTL on clients so they are forced to constantly query the cache on the router. This is done so changes made on your NextDNS profile (whitelisting a domain, for example) go out to clients quickly.

To fix this, I just raised the max-ttl value in the CLI configuration. Something more sensible like 30 seconds should do the trick. Or, as I've been doing lately, just set the value to 0, so clients are given the real TTL time (useful if you rarely find yourself whitelisting domains) and rely on each device's own DNS cache.
 
Last edited:
JJohnson1988 said:
Oh. I forgot. I also had a problem a few weeks ago where DNS would fail completely, and NextDNS would say something in the log like too many requests at one time, or something similar. The issue is due to how NextDNS does TTL. It forces a super low (default 5 seconds) TTL on clients so they are forced to constantly query the cache on the router. This is done so changes made on your NextDNS profile (whitelisting a domain, for example) go out to clients quickly.

To fix this, I just raised the max-ttl value in the CLI configuration. Something more sensible like 30 seconds should do the trick. Or, as I've been doing lately, just set the value to 0, so clients are given the real TTL time (useful if you rarely find yourself whitelisting domains) and rely on each device's own DNS cache.
Click to expand...
Thanks, I've got to take a close look at the config settings. It looks like skynet is down, I don't think it's compatible with it. It's been an old friend that I'll miss if I stay with NextDNS. Or it may be a new friend again.
 
JJohnson1988 said:
Skynet should work with it, no problem. I use both together.
Click to expand...
Yea, me too, my bad. It was turning over it's weekly leaf when I looked, no data yet. It's up now.
I compared my config with another that was posted, and only difference was mine had "auto-activate true"
 
I like it so far. If I could just figure out how to use it with Survshark VPN.
 
JT Strickland said:
Anyone have any comments regarding NextDNS on your own or others experience primarily installed at the Router level?
Does it present a lot of challenges with, or disable other scripts?
Click to expand...
I personally find NextDNS subpar compared to self managing my network with a pihole, diversion, or AdGuardHome.

JJohnson1988 said:
The only potential problem is when the WAN connection goes out for whatever reason, the CLI seems to use a considerable amount of memory and even takes a chunk of the swapfile on the USB drive. Maybe this is intentional though?
Click to expand...
Sounds more like a potential memory leak, or caused by a race condition. May want to cruise over NextDNS github to notify the developers on their issue platform. One of the problems of lines and lines of GO code. It is something they would have to track down provided you have the time to submit debugging details to them.
 
SomeWhereOverTheRainBow said:
I personally find NextDNS subpar compared to self managing my network with a pihole, diversion, or AdGuardHome.
Click to expand...
And it may be, but NextDNS seems to be more manageable to those of us with a lesser knowledge of these tools.
NextDNS seems easier to me now, but the contrary may be proven.
 
JT Strickland said:
And it may be, but NextDNS seems to be more manageable to those of us with a lesser knowledge of these tools.
NextDNS seems easier to me now, but the contrary may be proven.
Click to expand...
I implore those to step out of their 'lesser knowledge' boundaries. Doing such might empower users to create a feedback channel with the NextDNS developers such that some of these nuances that NextDNS cli has may be properly addressed for the better of all users. One of the reasons I dropped the service was because of this lack of feedback channel- (i.e. the customer support, feedback, troubleshooting) was a brick wall.
 
I know fairly well what I'm doing, and in that regard I really like Diversion and AGH in concept. The problem is my AC86U's memory gets devoured with the blocklists I use, plus IPv6 support. So by offloading the work to NextDNS (I'm not locally loading the blocklists into router memory), my router isn't constantly swap thrashing. As much as I would like the external USB drive to get a workout, I also want it to last a while, personally.

If I had a router with more memory, like one of the newer AX models, that would likely be a different story.
 
SomeWhereOverTheRainBow said:
I implore those to step out of their 'lesser knowledge' boundaries. Doing such might empower users to create a feedback channel with the NextDNS developers such that some of these nuances that NextDNS cli has may be properly addressed for the better of all users. One of the reasons I dropped the service was because of this lack of feedback channel- (i.e. the customer support, feedback, troubleshooting) was a brick wall.
Click to expand...
That does seem to be the case. It's difficult to get help or grumble or make a suggestion. I hope it improves.
 
JT Strickland said:
That does seem to be the case. It's difficult to get help or grumble or make a suggestion. I hope it improves.
Click to expand...
Further to the post you've replied to here, I'm just looking to clarify just how you're using (or trying to) all those scripts in your sig with NextDNS - are you double firewalling and adblocking and access scheduling and and and? IF NextDNS's support is less than accessible - what about the devs here and their scripts? have you reached out to them? Seems to me the merlin crew has put together (for the platforms in question) a very effective and powerful suite of tools for users (with tutorials/walkthroughs!) that equal or better some of the commercially available ones - and you can get almost instant support from the people who build/maintain them.
Martineau brought us unbound and WireGuard (well, he stood on some shoulders for that, and is letting Zeb run with it), there's diversion and skynet, the YazDHCP for those who can use it...NTPMerlin for those of us who appreciate some precision timekeeping...and for a kitchen sink, try scMerlin to keep an eye on how everything is playing together. Arent these plenty/enough?
 
heysoundude said:
Further to the post you've replied to here, I'm just looking to clarify just how you're using (or trying to) all those scripts in your sig with NextDNS - are you double firewalling and adblocking and access scheduling and and and? IF NextDNS's support is less than accessible - what about the devs here and their scripts? have you reached out to them? Seems to me the merlin crew has put together (for the platforms in question) a very effective and powerful suite of tools for users (with tutorials/walkthroughs!) that equal or better some of the commercially available ones - and you can get almost instant support from the people who build/maintain them.
Martineau brought us unbound and WireGuard (well, he stood on some shoulders for that, and is letting Zeb run with it), there's diversion and skynet, the YazDHCP for those who can use it...NTPMerlin for those of us who appreciate some precision timekeeping...and for a kitchen sink, try scMerlin to keep an eye on how everything is playing together. Arent these plenty/enough?
Click to expand...
That is the purpose of this thread, to try to find out what effect it would have on my scripts, what it could do, and if it was worth it.. My straw poll is 2 to 1 for it.
I had voted YES but now have second thoughts, since my router got totaly trashed just a few days after installing it.
That might not be the culprit, but I'm holding it accountable, and removed it.
What's in your signature?
 
dave14305 said:
NextDNS is known to interfere with other scripts using dnsmasq.postconf.

github.com

ASUSWRT-Merlin dnsmasq.postconf not allowing other script commands to execute · Issue #115 · nextdns/nextdns

The current implementation of the dnsmasq.postconf for ASUSWRT-Merlin prepends the necessary commands to an existing dnsmasq.postconf file, but includes an exit 0 which prevents further commands in...
github.com github.com
Click to expand...
I was afraid of that, but I couldn't turn up anything with a search. Actually too much that was unrelated.
Well it's gone off my machine before the trial period ended.
I hoped someone would pitch in on the cons here, and I thank you.
 
dave14305 said:
NextDNS is known to interfere with other scripts using dnsmasq.postconf.

github.com

ASUSWRT-Merlin dnsmasq.postconf not allowing other script commands to execute · Issue #115 · nextdns/nextdns

The current implementation of the dnsmasq.postconf for ASUSWRT-Merlin prepends the necessary commands to an existing dnsmasq.postconf file, but includes an exit 0 which prevents further commands in...
github.com github.com
Click to expand...
Yea, so NextDNS intentionally will exit out not allowing any scripts past it to run in dnsmasq.postconf? That is a bit drastic. As for putting dnsmasq port to 0, couldn't that potentially break any local router resolution functionality- possibly even break aimesh and guestnetworks?
 
Last edited:
I never, ever used the NextDNS client, just setup manually. I've had fits and starts with it over the past two years but (knocking on real wood) my manual setup has been behaving lately.
 
You must log in or register to reply here.

Similar threads

K
Tutorial [Scripts][2025-12-07] SSD TRIM, IPSet-based Firewall & Tunnel Director, IPv6 Enhancements, WG Port Forwarder, and more
3 4 5
Replies
85
Views
15K
Untried3868
Untried3868
B
IPv6 and NextDNS Configuration Assistance Request
Replies
19
Views
6K
easyriider
easyriider
AppleBag
Skynet Help me track down this Skynet(?) mystery?
Replies
4
Views
820
AppleBag
AppleBag
R
knock v1.2 (Updated 31DEC2025) - router commands for non-admin users
2
Replies
22
Views
2K
visortgw
visortgw
ExtremeFiretop
MerlinAU MerlinAU v1.6.0 - The Ultimate Firmware Auto-Updater
3 4 5
Replies
85
Views
9K
ExtremeFiretop
ExtremeFiretop

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 2,926 (members: 17, guests: 2,909)
Back
Top