NextDNS Installer

Just started using nextdns and must say I’m impressed.
 
So it was a bug that was corrected on website, because my ipv4 linked ip servers definitely changed from 45.90.28.0 and 45.90.30.0 to 45.90.28.60 and 45.90.30.60
My addresses changed from *.*.*.0 for MONTHS which was linked to my ASUS Router. Last Monday they changed to *.*.*.114 and broke everything that morning. In fact, I've not put the new addresses into the ASUS Router yet as I've been waiting for an official answer.
Which now, per earlier replies, counters the prior setup. My NextDNS setup has been linked directly to my ASUS Router since we started this thread.
So what's up.. something get flipped?
Sounds like my ASUS Router + NextDNS should have never been -> *.*.*.0?
What if I have DNS-over-TLS enabled in the router?
Peace and Stay Safe!

[Screenshot: SNB-ASUS-NextDNS01-20200524.jpg]
 
I have decided to switch back to Unbound and Diversion. NextDNS works great and I really like their user interface, logging and ease of customization. IMHO they have the best solution in the market segment right now. I just decided I want to keep outbound traffic from my network to as little as possible since it is limited and more “in house” control of my network traffic.
 
@Smokey613, so you bought NextDNS and now you stopped using it? I thought you loved it?
 
It works very well and my reason for not using it on my router is a personal preference. I still use their app on our phones when away from my network. I can highly recommend their service if one wants to use an off network DNS filtering service.
 
Per an earlier request, after having tested NextDNS for months as part of the beta, with a manual config setup, I enabled the NextDNS client via the install. What pushed me was my NextDNS addresses changing about a week or so ago on their own (posted earlier).

I also configured the WAN page per cap below. These WAN page settings (and my comments) are what I think the community has concluded over the past 6+ months from many testers using NextDNS with Merlin+amtm's many great features! Please let me know if I'm wrong on the settings or the reasons and I'll update my setup and post a new screen cap.

My main settings and ? are:

1) Should the DNS1, 2 on this page be your NextDNS values or some other provider like QUAD9 or Cloudflare or Google?

2) For Enable Rebind, Enable DNSSEC, and Validate unsigned, I'm pretty sure I've read two cases and separate recommendations:
  1. When using NextDNS disable ALL 3, b/c it interferes with NextDNS or if you MANUALLY configured your router for NextDNS and do not use the client, then you should disable these for sure.
  2. Keep all 3 ENABLED, b/c NextDNS client will disable them when it starts. You want to do this in case something happens to NextDNS and you have to fall back. Though I'm unsure what you would fall back to automatically or how to set that up. I assume you would want to know somehow, like maybe an alert from NextDNS saying no queries from you in N-time. Or when you needed to remove NextDNS and restore another DNS and having to remember to reset all these... is really what's being said.
Have a great Memorial Day! Stay Safe!

[Screenshot: SNB-ASUS-NextDNS01-20200525.jpg]
 
Trend Micro engine calls to rgom10-en.url.trendmicro.com are listed using my (router's) external IP in NextDNS.

How can I make it display a meaningful name? (Like "router" or "AC86U"?)
 
Hi and thanks for the NextDNS service - I really like the service and would like to integrate it into my ASUS router but I have a few questions @Olivier Poitrey or @anyone else who may be able to help.

My current setup - diversion, skynet and unbound to block as much as possible and be as private (relatively) as possible.

What I think I want to achieve is as follows - I have three nextdns profiles - one for normal devices. one for kids and one for smart tv's.


I was previously using dnsfilter with custom dns providers to achieve some differentiation between these and using different dns for each.

Having attempted the same putting in standard ip4 address of each profile for nextdns none of these devices seem to be connecting apart from my pc which I have linked the service to on the setup page.

What does the script achieve that attempting to manually configure does not - is manual config even possible with more than one nextdns profile as I'm struggling?

How come there are no screenshots of what this script achieves - github and here point to each other for more info and I'm struggling to understand what the script does?

Would also like to see the answers to gattaca above.

I'll definitely be interested to see rmerlin's integration into AMTM hopefully.

Thanks :)
 
What does the script achieve that attempting to manually configure does not - is manual config even possible with more than one nextdns profile as I'm struggling?
The “script” installs a DNS service (application) on the router to connect to NextDNS over DoH. It has conditional configuration which allows you to send different clients to different profiles. I think it’s the only way to handle multiple NextDNS profiles behind one router WAN IP.
 
Let it also be noted if you install nextdns on the router, it becomes your "only" dns solution unless you decide to uninstall it.
 
Does anyone know how to make one of my devices completely bypass the nextdns app on the router?
I mean, I have the app installed and I want all my devices to use it, except one that I want to use the DNS given in WAN.
 
^^^ Yes. I use that option for the Arlo Cameras which for some reason did not want to play nice. After I listed them there and sent them directly to QUAD9, no more issues. IDK if that was NextDNS or one of my profiles and I've been too swamped to dig into it.

Yes, I'd love to see answers to my screen shot of exactly what people are using - especially the DNS1/DNS2 settings RMerlin talked about must not be blank. I used the NextDNS entries but I also think using QUAD9 or Cloudflare or something else would be viable for startup. Thanks!
 
"What does the script achieve that attempting to manually configure does not - is manual config even possible with more than one nextdns profile as I'm struggling?"

I saw it explained somewhere but in summary, it changes 2 or 3 files on the router and stops certain services which may interfere with the DNS service...like mentioned in my screen cap.

The files I think are the same ones I manually modified before using the agent:
1) stubby.postconf.fornextdns-20200107
2) dnsmasq.postconf.fornextdns-20200107
3) maybe stubby.yml (unsure).
 
Gattaca said:
  1. When using NextDNS disable ALL 3, b/c it interferes with NextDNS or if you MANUALLY configured your router for NextDNS and do not use the client, then you should disable these for sure.
  2. Keep all 3 ENABLED, b/c NextDNS client will disable them when it starts. You want to do this in case something happens to NextDNS and you have to fall back. Though I'm unsure what you would fall back to automatically or how to set that up. I assume you would want to know somehow, like maybe an alert from NextDNS saying no queries from you in N-time. Or when you needed to remove NextDNS and restore another DNS and having to remember to reset all these... is really what's being said.
Have a great Memorial Day! Stay Safe!

I need to keep all 3 plus DoT disabled, otherwise Alexa and the smart switches don't work.
I'm using NextDNS CLI.
 
^^^ Interesting. TY for confirming I'm not the only one having to bypass NextDNS for bad-behaving IoT devices. You may want to consider XIII's question above and make those IoT devices bypass the NextDNS setup and use another DNS service like GoogleDNS, Quad9 or Cloudflare by using the router's DNSFilter function. Each device has to be listed. That's what I finally implemented months ago and it's been working fine since. I do not know if devices listed in the router's DNSFilter bypass everything with simple "in-the-clear" DNS requests to the targets. In other words, "Rebind, DNSSEC, and Validate unsigned and other things" are essentially disabled. RMerlin may be able to answer that from the router's code.

Gotta love these totally insecure IoT devices. I had to use DNSFilter to bypass NextDNS for some of my IoT clouded cameras. IDK if there is a limit to the # of IoT devices that can be listed - perhaps in some "DNSFilter" file. Most certainly in the GUI, there will be some limit like with other features. Nice questions! TY.
 
Thanks for answering my questions above.

Some other thoughts and minor frustrations:

Firstly an update on my setup: I have diversion and skynet and unbound and wish to use different nextdns profiles for different devices.

I found I rather obviously needed to disable unbound and then once I had installed the script I could get my devices to connect through NextDNS. However the only devices connecting were the ones set to router in dnsfilter - which makes sense as the router now points to nextdns. I then looked to see if the devices I had set up to use the other nextdns profiles were working and no they weren't unfortunately which kind of makes sense.

I will have to be selective around which devices go where but I now understand what is going where after installing the script.

I guess I now need to engage brain and use the following: https://github.com/nextdns/nextdns/wiki/Conditional-Configuration to set up individual clients to devices - I will have to bind all their IPs I believe to make them static?

So is diversion at this point still working with its filtering on any devices set to router or is it out of action and can be disabled?
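
Added example, not part of the thread and not NextDNS project code: an offline check of a conditional-configuration plan of the kind the linked wiki page describes, modelling the CLI's documented "first match wins" evaluation for MAC and subnet conditions only. The profile ids, MAC addresses and the 192.168.50.0/24 LAN are constructed placeholders.

```python
import ipaddress

# Constructed plan: ordered "condition=profile_id" rules; the last entry has
# no condition and acts as the default. Ids and addresses are placeholders.
RULES = [
    "00:11:22:33:44:55=kids01",   # kid's tablet, matched by MAC
    "192.168.50.128/25=tv0001",   # smart TVs kept in one DHCP range
    "main01",                     # everything else
]

def parse_rule(rule):
    """Split 'condition=id' into (kind, matcher, profile_id)."""
    cond, sep, profile = rule.rpartition("=")
    if not sep:
        return ("default", None, rule)
    if "/" in cond:
        return ("cidr", ipaddress.ip_network(cond, strict=True), profile)
    return ("mac", cond.lower(), profile)

def profile_for(rules, ip, mac):
    """Return the profile id of the first rule that matches this client."""
    addr = ipaddress.ip_address(ip)
    for kind, matcher, profile in map(parse_rule, rules):
        if kind == "default":
            return profile
        if kind == "mac" and mac.lower() == matcher:
            return profile
        if kind == "cidr" and addr in matcher:
            return profile
    return None  # plan has no unconditional default

def shadowed(rules):
    """Rules listed after an unconditional one can never match."""
    kinds = [parse_rule(r)[0] for r in rules]
    first = kinds.index("default") if "default" in kinds else len(rules)
    return rules[first + 1:]

def cli_args(rules):
    """Arguments with the -config flag the wiki page used (newer CLIs: -profile)."""
    return " ".join(f"-config {r}" for r in rules)

if __name__ == "__main__":
    clients = [("tablet", "192.168.50.20", "00:11:22:33:44:55"),
               ("tv", "192.168.50.130", "AA:BB:CC:00:00:01"),
               ("laptop", "192.168.50.21", "AA:BB:CC:00:00:02")]
    for name, ip, mac in clients:
        print(f"{name:7} -> {profile_for(RULES, ip, mac)}")
    print("unreachable rules:", shadowed(RULES))
    print("nextdns config set", cli_args(RULES))
```

A rule keyed on a subnet only holds while the device keeps an address in that range, whereas a MAC-keyed rule follows the device whatever lease it gets.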
 
