NextDNS Installer

[momall]

In the "Top Devices" part of the analytics, is there anyway to have them report or change to more friendly names? I loved that about Diversion and the stats. So yes I realize I can install the NextDNS app on devices and have it report the name but that I don't want to do that for every device, every device I have isn't supported and that kind of defeats the purpose of running this at the router level. Most of my devices never leave the house.

I guess in the "How to Identify Your Devices" section I don't understand where I would put those URL endpoints at all. (append or prepend)

Thanks for this service I'm enjoying testing it out.

I had this challenge with my NAS. I ended up creating a separate network config for it. doesnt scale well, though.

 

[5stringdeath]

I had this challenge with my NAS. I ended up creating a separate network config for it. doesnt scale well, though.

I guess its like the issue with PiHole not reporting names either, unless you had named LAN and other issues I never overcame. I will probably just revert to Diversion if that is the case.

Could be a useful tool for an out and about VPN/DNS filter though.

 

[dave14305]

In the "Top Devices" part of the analytics, is there anyway to have them report or change to more friendly names? I loved that about Diversion and the stats. So yes I realize I can install the NextDNS app on devices and have it report the name but that I don't want to do that for every device, every device I have isn't supported and that kind of defeats the purpose of running this at the router level. Most of my devices never leave the house.

I guess in the "How to Identify Your Devices" section I don't understand where I would put those URL endpoints at all. (append or prepend)

Thanks for this service I'm enjoying testing it out.

When using NextDNS on the router, your options are limited since dnsmasq is only able to send the device MAC address, IP address and configuration ID upstream to NextDNS. They apparently make a unique identifier of that data, and if you hover in the Logs tab over one of those names, you'll see the LAN IP of the device.

Maybe a future update to the website will let you customize those names for display purposes, but when does it cross the line of being a privacy concern? It's one thing that they know device LY39MD requested www.badsite.com, but do they really need to know it was "Dave's iPad"? Not that NextDNS uses that data, but it gets back to the concept of aggregating too much personal data with one entity.

 

[5stringdeath]

It's one thing that they know device LY39MD requested www.badsite.com, but do they really need to know it was "Dave's iPad"? Not that NextDNS uses that data, but it gets back to the concept of aggregating too much personal data with one entity.

I get that. But its also my decision to turn on analytics in the first place so the aliased record would only be available to me, by my choice, and able to be deleted just as the data is now. However I understand your philosophy.

I mean right now it reports like:
Device #60L5S
Synology Incorporated

Thats not much more obscure than me naming it "My Synology NAS"

 

[5stringdeath]

You can find the installation procedure on our Github Wiki.

What is the procedure to uninstall it?

Found my own answer: Rerun the script.

 

[XIII]

@Olivier Poitrey Any plans for adding a DDNS service to NextDNS?

Using the https://link-ip.nextdns.io URL and the Asuswrt-Merlin DDNS services support it's probably already possible to let NextDNS (always) know the current IP of our router (without using any DDNS service).

Now if there just was a way to expose that IP via a domain name...

(Offering a way to use it as an "answer" in a "rewrite" would make this useful for clients using your personal NextDNS configuration, but general exposure could be nice?)

 

[5stringdeath]

Any plans for adding a DDNS service to NextDNS?

There's already an option for that on the setup page, right hand side, under Linked IP section. I entered my DDNS hostname and it works fine.

Unless I'm misunderstanding what you are looking for ...

(without using any DDNS service).

Oh sorry I missed this part

 

[XIII]

There's already an option for that on the setup page, right hand side, under Linked IP section. I entered my DDNS hostname and it works fine.

Unless I'm misunderstanding what you are looking for ...

That's using a DDNS service to update the IP (within NextDNS).

I would like NextDNS to be the DDNS service (to the outside world).

 

[SomeWhereOverTheRainBow]

@Olivier Poitrey Any plans for adding a DDNS service to NextDNS?

Using the https://link-ip.nextdns.io URL and the Asuswrt-Merlin DDNS services support it's probably already possible to let NextDNS (always) know the current IP of our router (without using any DDNS service).

Now if there just was a way to expose that IP via a domain name...

(Offering a way to use it as an "answer" in a "rewrite" would make this useful for clients using your personal NextDNS configuration, but general exposure could be nice?)

you could just up date the IP using curl to their link ip updater on a cronjob or link your routers DDNS address to their site. Their site will match your ddns service address to its current IP.

 

[Olivier Poitrey]

@Olivier Poitrey Any plans for adding a DDNS service to NextDNS?

Using the https://link-ip.nextdns.io URL and the Asuswrt-Merlin DDNS services support it's probably already possible to let NextDNS (always) know the current IP of our router (without using any DDNS service).

Now if there just was a way to expose that IP via a domain name...

(Offering a way to use it as an "answer" in a "rewrite" would make this useful for clients using your personal NextDNS configuration, but general exposure could be nice?)

With our app you don’t need to link your IP.

 

[L&LD]

With our app you don’t need to link your IP.

This is why I don't like 'apps'.

 

[Olivier Poitrey]

When using NextDNS on the router, your options are limited since dnsmasq is only able to send the device MAC address, IP address and configuration ID upstream to NextDNS. They apparently make a unique identifier of that data, and if you hover in the Logs tab over one of those names, you'll see the LAN IP of the device.

Maybe a future update to the website will let you customize those names for display purposes, but when does it cross the line of being a privacy concern? It's one thing that they know device LY39MD requested www.badsite.com, but do they really need to know it was "Dave's iPad"? Not that NextDNS uses that data, but it gets back to the concept of aggregating too much personal data with one entity.

We have more options to discover names. We currently use mdns and arp. We will soon improve mdns support and read the dnsmasq dhcp lease to find more names.

 

[SomeWhereOverTheRainBow]

This is why I don't like 'apps'.

God forbid an everything app. You must follow a strict too good to be true policy. The L&LD policy.

We have more options to discover names. We currently use mdns and arp. We will soon improve mdns support and read the dnsmasq dhcp lease to find more names.

When you say app, Will installing nextdns on the router allow for the automatically update of the IP associated with the users account?

 

[Olivier Poitrey]

God forbid an everything app. You must follow a strict too good to be true policy. The L&LD policy.



When you say app, Will installing nextdns on the router allow for the automatically update of the IP associated with the users account?

That is what I meant by app. All our apps uses DoH and config linking does not need IP linking with DoH or DoT as the config ID is part of the hostname (DoT) or request (DoH).

IP linking is only necessary for IPv4 unencrypted DNS.

 

[Olivier Poitrey]

This is why I don't like 'apps'.

App means software right? Computers or routers without software are pretty hard to use

 

[L&LD]

Not in my experience. App now usually means 'give away all your rights to us' while real software is something that is useful beyond the control of the company you bought it from.

 

[dave14305]

We are also working with @RMerlin to add a UI to this integration. Stay tuned.

Is this a firmware-level integration by RMerlin, or an add-on integration by NextDNS using the new API for third-party developers? RMerlin has not professed any love for DoH from a protocol perspective, AFAIK.

 

[Olivier Poitrey]

Is this a firmware-level integration by RMerlin, or an add-on integration by NextDNS using the new API for third-party developers? RMerlin has not professed any love for DoH from a protocol perspective, AFAIK.

It is an addon using the new API. The hate for DoH vs DoT does not make sense to me from a technical PoV, but this is another subject

 

[EmeraldDeer]

I have been using NextDNS for a few hours. I had been using stubby logging at first. I did not see a single error.

• I did not use the installer script.
• I typed the four addresses into the Asuswrt-Merlin GUI.
• I set round_robin_upstreams to zero using a postconf script. I also have been unsetting a few variables because I would rather use the stubby defaults.
• I am exclusively using DNS over TLS. Only my WAN IP shows up in NextDNS Logs tab.
• I use a dnsmasq postconf entry to unset no-negcache. Windows 10 forwards lookups of some local multicast addresses. Without a negative cache, your DNS provider ends up with more of these useless lookups than all others combined.
• I did not experiment with idle_timeout. When I had tested Quad9 and CleanBrowsing a year or so ago the timeout had to be less than 2 seconds. Cloudflare can be less than 10 seconds. NextDNS is either the same as Cloudflare or perhaps higher.

The stubby.yml ends up as the following except for my account number being obscured:

resolution_type: GETDNS_RESOLUTION_STUB
dns_transport_list:
  - GETDNS_TRANSPORT_TLS
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
appdata_dir: "/var/lib/misc"
resolvconf: "/tmp/resolv.conf"
edns_client_subnet_private: 1
round_robin_upstreams: 0
listen_addresses:
  - 127.0.1.1@53
upstream_recursive_servers:
  - address_data: 45.90.28.0
    tls_auth_name: "abc123.dns1.nextdns.io"
  - address_data: 2a07:a8c0::0
    tls_auth_name: "abc123.dns1.nextdns.io"
  - address_data: 45.90.30.0
    tls_auth_name: "abc123.dns2.nextdns.io"
  - address_data: 2a07:a8c1::0
    tls_auth_name: "abc123.dns2.nextdns.io"
idle_timeout: 9900

 

[SomeWhereOverTheRainBow]

It is an addon using the new API. The hate for DoH vs DoT does not make sense to me from a technical PoV, but this is another subject

I concur with the idea of DoH and DoT, as service providers will soon be trying to crack their bid at their own version. And soon OS's will incorporate one or the other (more likely DoH).