NextDNS Installer

[dave14305]

So now it really makes no sense to have Diversion running alongside NextDNS?

True, in my opinion. IIRC, it’s feasible to edit dnsmasq.postconf and remove the exit 0 and then restart dnsmasq, but it would return after a nextdns restart/reboot.

I decided to removed nextdns. To be fair, Olivier is receptive to suggestions for how to improve it, but now it’s a commercial decision (IMO) how to ensure reliable service for paying subscribers. I think it’s a good deal $ overall, but not for me personally since I tinker way too much for my own good.

 

[gattaca]

^^^^ dnsmasq.postconf is the first place I looked when I realized pixelserv stats where no longer incrementing. After uninstalling the NextDNS agent, their code was removed from the top of the dnsmasq.postconf and your original lines were left as I had put them back in Dec, 2019. I'm guessing that keeping your solution, + adding NextDNS manually via the WEBGUI on WAN > DNS is the only way I'll make them "play nice". So bottom line i installing the NextDNS agent by design will disable Diversion+Pixelserv with the Exit 0. For those of you much smarter than me, is there any code we can put into (or remove from like Exit 0) dnsmasq.postconf to make NextDNS play nice with Diversion+Pixelserv? My solution has been to not install the NextDNS agent, incorportate Dave's example code, and then manually configure NextDNS using the WAN > DNS WEBGUI.

As for whether you want them both NextDNS and Diversion+Pixelserv.. I personally like the filtering / layering and I like what pixelserv's does for me. Maybe I just don't understand full picture. With the layering, I still see ~ 4-7% blocked by NextDNS but I really like having NextDNS for my mobile devices.

Of course, without the NextDNS agent installed, you loose some of the functions such as the list of devices making the requests, but for me it's always the router or a mobile.

@dave14305 Thanks for the link to the issue you opened. That is exactly what's in play! I wish Oliver would have tried to consider if Diversion + Pixelserv was in play but I also understand their requirement to make the installs "rock solid" for many Merlin users not leveraging AMTM tooling. I'm sure there are ways to detect if Diversion + Pixelserv are in play and work them into the game. Thanks! Stay Safe!

 

[XIII]

I’m going to run without Diversion/pixelserv-tls for a while and see how that works for me.

(have purchased a year of NextDNS on day 1)

 

[gattaca]

^^^^ Keep us updated! I'll see/post if I hit any more snags with this "manual" setup. BTW, I'm a paid customer too now - figure it's worth it just for the mobile. Will see!

 

[Jumpstarter]

True, in my opinion. IIRC, it’s feasible to edit dnsmasq.postconf and remove the exit 0 and then restart dnsmasq, but it would return after a nextdns restart/reboot.

I decided to removed nextdns. To be fair, Olivier is receptive to suggestions for how to improve it, but now it’s a commercial decision (IMO) how to ensure reliable service for paying subscribers. I think it’s a good deal $ overall, but not for me personally since I tinker way too much for my own good.

That is my opinion of nextdns, instead of providing an overall consistently stable platform they are constantly changing or moving instructions on their site along with changing account addresses and constantly manipulated functionality nextdns installer instead of providing a consistent uniform product for their customers.

 

[XIII]

So far NextDNS for me has been "set & forget" (like Diversion & pixelserv-tls before).

(I'm now referring to their beta period and my experience since their commercial launch; not the few minutes without Diversion & pixelserv-tls)

Well, since I moved to their (DoH) installer. Manual DoT was a PITA...

 

[Smokey613]

I like NextDNS and I will cut them some slack on the changing environment. Afterall, they are still learning and improving the product. It has improved a lot since I first started using them in the trial phase.

 

[gattaca]

^^^ I agree. That's why I'm bending over backwards to make what I'd like to have work! I've got a year now to decide, see how support goes....

 

[XIII]

@Olivier Poitrey Wbat would make more sense: keep running the NextDNS client on my AC86U router, or moving it to a Raspberry Pi 3 Model B+ (which is connected to the router via an Ethernet cable)?

This Pi is already running some “server” software:

• Homebridge
• Mosquito (MQTT broker)

 

[Snoopotic]

Is anyone having a dualstack/ipv6 connection using stateless configuration within a delegated prefix?

I found having issues with client discovery (list of unknown devices grows) I switched to stateful config and this looks good but I think that is too oldschooled as stateless is the right ipv6 thingy.
I would like to have compassionate people joining a debugging session

Thanks.

 

[Carnagerover]

Is there a way to assign app blocks and such by device rather than the whole network?

 

[Audionut]

Is there a way to assign app blocks and such by device rather than the whole network?

Create new configurations on the nextdns account page for each device. Each configuration will have it's own unique ID.

Then use the conditional configuration: https://github.com/nextdns/nextdns/wiki/Conditional-Configuration

nextdns config set -config ip/mac address=ID

Replace ip/mac address with either the ip or mac address of the device you want to assign to the specific nextdns configuration.
Replace ID with the ID of the configuration you want to assign to the device.

As an example.

nextdns config set -config 192.168.1.54=1rt3d6

 

[gattaca]

I had to yank NextDNS yesterday about 13:00 EDT. All DSN resolution stopped. I rebooted the router, nope. It was not until I swapped in Quad9 + Cloudflare that DNS returned. This is twice in 3 days I've have to pull NextDNS from my router. This thing has been rock solid until my report a couple weeks ago when they changed my IP from *.*.*.0 to *.*.*.114 without notification. I'm going to run for a couple days using QUAD9/Cloudflare to see if I have any more dead-DNS. I'm 100% sure it was dead-dns b/c all the existing connections worked...but any new site, nope. Growing pains.

 

[Smokey613]

Are you using the client or inputting their settings on the WAN page? I am curious so I can be on the lookout for possible issues with my client install.

 

[gattaca]

1) For months of beta, using manual settings on WEBGUI + those few scripts posted earlier = rock solid
2) Few weeks back, decided to try the client after they changed *.*.*.0 to *.*.*.114 without warning.
3) Client ran OK, then realized client their client circumvented PixelServ, so removed client, went back to manual a week or so ago.
4) Manual config again using WEBGUI since this past weekend been DNS down twice and counting.
5) Switched back to QUAD9 + Cloudflare yesterday on Tuesday 6/2/20 to fix no DNS resolution.

 

[dave14305]

I had to yank NextDNS yesterday about 13:00 EDT. All DSN resolution stopped. I rebooted the router, nope. It was not until I swapped in Quad9 + Cloudflare that DNS returned. This is twice in 3 days I've have to pull NextDNS from my router. This thing has been rock solid until my report a couple weeks ago when they changed my IP from *.*.*.0 to *.*.*.114 without notification. I'm going to run for a couple days using QUAD9/Cloudflare to see if I have any more dead-DNS. I'm 100% sure it was dead-dns b/c all the existing connections worked...but any new site, nope. Growing pains.

Interesting reading: https://www.bleepingcomputer.com/ne...eleased-to-prevent-ddosing-doh-dns-providers/

According to the user impact details included with the Beta/Release Uplift Approval Request for the 'Pref-off automatic TRR-selection by default' feature, "[t]his prefs-off a feature that seems to be effectively DDoS'ing NextDNS, one of our DNS over HTTPs providers."

 

[gattaca]

^^^ I wonder if that is what is tanking the setup? IDK if it is just me but I thought there were more than just 1 or 2 Merlin fans here using NextDNS...maybe I'm wrong? I've had no issues today after 28+ hours on QUAD9 and Cloudflare. Maybe I'll switch back to NextDNS manual setup in couple of days once the FF update rolls out more. TY for the link!

 

[Smokey613]

So far the NextDNS client is running very well for me. I do not run Diversion/PixleServ so that is not a factor.

 

[gattaca]

So far the NextDNS client is running very well for me. I do not run Diversion/PixleServ so that is not a factor.

Confirm.. no problem with the latest client other than it bypasses pixelserv...

 

[RMerlin]

Interesting reading: https://www.bleepingcomputer.com/ne...eleased-to-prevent-ddosing-doh-dns-providers/