What's new

NextDNS: Thumbs up, Thumbs down?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Do you Like or Dislike NextDNS installed on the Router?


  • Total voters
    25

JT Strickland

Very Senior Member
Anyone have any comments regarding NextDNS on your own or others experience primarily installed at the Router level?
Does it present a lot of challenges with, or disable other scripts?
 
The CLI that NextDNS themselves offers was problematic in the past and would stop resolving for no good reason. For me anyway. But I haven't had a problem lately. In fact, it's rather rock solid in terms of stability now.

The only potential problem is when the WAN connection goes out for whatever reason, the CLI seems to use a considerable amount of memory and even takes a chunk of the swapfile on the USB drive. Maybe this is intentional though?

In any case, I'm happy with the speeds as well as the utility it offers. I haven't noticed any conflicts with other scripts, except maybe Diversion, which shouldn't be used with the CLI anyway.

I have an RT-AC86U with the latest Merlin firmware.
 
Oh. I forgot. I also had a problem a few weeks ago where DNS would fail completely, and NextDNS would say something in the log like too many requests at one time, or something similar. The issue is due to how NextDNS does TTL. It forces a super low (default 5 seconds) TTL on clients so they are forced to constantly query the cache on the router. This is done so changes made on your NextDNS profile (whitelisting a domain, for example) go out to clients quickly.

To fix this, I just raised the max-ttl value in the CLI configuration. Something more sensible like 30 seconds should do the trick. Or, as I've been doing lately, just set the value to 0, so clients are given the real TTL time (useful if you rarely find yourself whitelisting domains) and rely on each device's own DNS cache.
 
Last edited:
Oh. I forgot. I also had a problem a few weeks ago where DNS would fail completely, and NextDNS would say something in the log like too many requests at one time, or something similar. The issue is due to how NextDNS does TTL. It forces a super low (default 5 seconds) TTL on clients so they are forced to constantly query the cache on the router. This is done so changes made on your NextDNS profile (whitelisting a domain, for example) go out to clients quickly.

To fix this, I just raised the max-ttl value in the CLI configuration. Something more sensible like 30 seconds should do the trick. Or, as I've been doing lately, just set the value to 0, so clients are given the real TTL time (useful if you rarely find yourself whitelisting domains) and rely on each device's own DNS cache.
Thanks, I've got to take a close look at the config settings. It looks like skynet is down, I don't think it's compatible with it. It's been an old friend that I'll miss if I stay with NextDNS. Or it may be a new friend again.
 
Skynet should work with it, no problem. I use both together.
Yea, me too, my bad. It was turning over it's weekly leaf when I looked, no data yet. It's up now.
I compared my config with another that was posted, and only difference was mine had "auto-activate true"
 
I like it so far. If I could just figure out how to use it with Survshark VPN.
 
Anyone have any comments regarding NextDNS on your own or others experience primarily installed at the Router level?
Does it present a lot of challenges with, or disable other scripts?
I personally find NextDNS subpar compared to self managing my network with a pihole, diversion, or AdGuardHome.

The only potential problem is when the WAN connection goes out for whatever reason, the CLI seems to use a considerable amount of memory and even takes a chunk of the swapfile on the USB drive. Maybe this is intentional though?
Sounds more like a potential memory leak, or caused by a race condition. May want to cruise over NextDNS github to notify the developers on their issue platform. One of the problems of lines and lines of GO code. It is something they would have to track down provided you have the time to submit debugging details to them.
 
I personally find NextDNS subpar compared to self managing my network with a pihole, diversion, or AdGuardHome.
And it may be, but NextDNS seems to be more manageable to those of us with a lesser knowledge of these tools.
NextDNS seems easier to me now, but the contrary may be proven.
 
And it may be, but NextDNS seems to be more manageable to those of us with a lesser knowledge of these tools.
NextDNS seems easier to me now, but the contrary may be proven.
I implore those to step out of their 'lesser knowledge' boundaries. Doing such might empower users to create a feedback channel with the NextDNS developers such that some of these nuances that NextDNS cli has may be properly addressed for the better of all users. One of the reasons I dropped the service was because of this lack of feedback channel- (i.e. the customer support, feedback, troubleshooting) was a brick wall.
 
I know fairly well what I'm doing, and in that regard I really like Diversion and AGH in concept. The problem is my AC86U's memory gets devoured with the blocklists I use, plus IPv6 support. So by offloading the work to NextDNS (I'm not locally loading the blocklists into router memory), my router isn't constantly swap thrashing. As much as I would like the external USB drive to get a workout, I also want it to last a while, personally.

If I had a router with more memory, like one of the newer AX models, that would likely be a different story.
 
I implore those to step out of their 'lesser knowledge' boundaries. Doing such might empower users to create a feedback channel with the NextDNS developers such that some of these nuances that NextDNS cli has may be properly addressed for the better of all users. One of the reasons I dropped the service was because of this lack of feedback channel- (i.e. the customer support, feedback, troubleshooting) was a brick wall.
That does seem to be the case. It's difficult to get help or grumble or make a suggestion. I hope it improves.
 
That does seem to be the case. It's difficult to get help or grumble or make a suggestion. I hope it improves.
Further to the post you've replied to here, I'm just looking to clarify just how you're using (or trying to) all those scripts in your sig with NextDNS - are you double firewalling and adblocking and access scheduling and and and? IF NextDNS's support is less than accessible - what about the devs here and their scripts? have you reached out to them? Seems to me the merlin crew has put together (for the platforms in question) a very effective and powerful suite of tools for users (with tutorials/walkthroughs!) that equal or better some of the commercially available ones - and you can get almost instant support from the people who build/maintain them.
Martineau brought us unbound and WireGuard (well, he stood on some shoulders for that, and is letting Zeb run with it), there's diversion and skynet, the YazDHCP for those who can use it...NTPMerlin for those of us who appreciate some precision timekeeping...and for a kitchen sink, try scMerlin to keep an eye on how everything is playing together. Arent these plenty/enough?
 
Further to the post you've replied to here, I'm just looking to clarify just how you're using (or trying to) all those scripts in your sig with NextDNS - are you double firewalling and adblocking and access scheduling and and and? IF NextDNS's support is less than accessible - what about the devs here and their scripts? have you reached out to them? Seems to me the merlin crew has put together (for the platforms in question) a very effective and powerful suite of tools for users (with tutorials/walkthroughs!) that equal or better some of the commercially available ones - and you can get almost instant support from the people who build/maintain them.
Martineau brought us unbound and WireGuard (well, he stood on some shoulders for that, and is letting Zeb run with it), there's diversion and skynet, the YazDHCP for those who can use it...NTPMerlin for those of us who appreciate some precision timekeeping...and for a kitchen sink, try scMerlin to keep an eye on how everything is playing together. Arent these plenty/enough?
That is the purpose of this thread, to try to find out what effect it would have on my scripts, what it could do, and if it was worth it.. My straw poll is 2 to 1 for it.
I had voted YES but now have second thoughts, since my router got totaly trashed just a few days after installing it.
That might not be the culprit, but I'm holding it accountable, and removed it.
What's in your signature?
 
NextDNS is known to interfere with other scripts using dnsmasq.postconf.

I was afraid of that, but I couldn't turn up anything with a search. Actually too much that was unrelated.
Well it's gone off my machine before the trial period ended.
I hoped someone would pitch in on the cons here, and I thank you.
 
NextDNS is known to interfere with other scripts using dnsmasq.postconf.

Yea, so NextDNS intentionally will exit out not allowing any scripts past it to run in dnsmasq.postconf? That is a bit drastic. As for putting dnsmasq port to 0, couldn't that potentially break any local router resolution functionality- possibly even break aimesh and guestnetworks?
 
Last edited:
I never, ever used the NextDNS client, just setup manually. I've had fits and starts with it over the past two years but (knocking on real wood) my manual setup has been behaving lately.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top