NextDNS - testing it

Anyone else using it? Seems to work very well. My only observation is that even when implementing Easylist on a DNS level, Reddit Promoted posts still pop up. Those are the only ads I have seen that slip through, so I am keeping uBlock on Firefox for now.

1 Like

I assume you are referring to nextdns in the AUR.
I might give it a try.

Pudge

Be aware that DNS-level adblock can't get ads that are served through the primary hostname/IP; Reddit and YouTube, for instance, would end up blocked entirely. If you want all ads gone, you need browser-based blocking too.

That said, NextDNS is pretty OK, though privacy is up for debate due to being US based and what your threat model is. If you're looking for a good blocking DNS and aren't too paranoid, they're very good and resolve domains quickly.

1 Like

I like it so far, I actually paid the $25 yearly fee for unlimited queries on it.
I also chose to move the log file to Swiss servers because I could. :stuck_out_tongue:

If you happen to use OpenWrt, they have an official luci-app for it so you can easily set up a router with it. I was using it for a while, but with my custom router build I could just do adblock on my own and it didn't provide me a ton of benefit personally.

Overall it's pretty good, especially for blocking if you don't want to do your own.

Running it on three devices, so those free 300 000 queries per month would have been eaten up quickly.

My computer (both Linux and Windows), my Wife’s computer, and my personal cellphone (not my workphone).
Had to fight the phone’s power settings from force-closing it but after that’s settled it is working fine.

I only use an RPi with Pi-hole and Unbound so I don’t have to do much. Just the cost of RPi and some power it draws. Which isn’t much. I’d rather not lock myself into a DNS provider.

I’ve talked a lot about the benefits of Pi-hole and Unbound in here. Then add uBlock Origin to your browser for the little extra protection.

2 Likes

Works great for me, but to prevent DNS-leaks due to the interference with systemd-resolved, one needs to: 1) change the “listen” port from 53 to something else in /etc/nextdns.conf (for example, listen localhost:8553), and 2) put the following into /etc/systemd/resolved.conf:

[Resolve]
DNS=127.0.0.1:8553
FallbackDNS=
Domains=~.

HTH

It turned out that nextdns “does not support non 53 port” [1], and therefore a cleaner approach would be to keep /etc/nextdns.conf as is and modify only /etc/systemd/resolved.conf as follows:

[Resolve]
DNS=127.0.0.1
FallbackDNS=
Domains=~.
DNSStubListener=no

By adding DNSStubListener=no, port 53 is freed for nextdns use.

[1] https://github.com/nextdns/nextdns/issues/97
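
A way to check a resolved.conf against the second configuration posted above, as an added example that is not part of the thread or of the nextdns project. The function name `audit_resolved_conf` and both sample files are constructed for illustration; the expected values are the ones from the post.

```python
import configparser

# Target values are those of the second resolved.conf in the thread
# (nextdns on 127.0.0.1 port 53, stub listener off). Samples are constructed.
EXPECTED_DNS = "127.0.0.1"
GOOD = "[Resolve]\nDNS=127.0.0.1\nFallbackDNS=\nDomains=~.\nDNSStubListener=no\n"
LEAKY = "[Resolve]\n#DNS=\nFallbackDNS=1.1.1.1 9.9.9.9\n"


def audit_resolved_conf(text):
    """Return a list of findings; an empty list means the file matches."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str  # systemd option names are case-sensitive
    try:
        cp.read_string(text)
    except configparser.Error as exc:
        return [f"unparseable file: {exc.__class__.__name__}"]
    if not cp.has_section("Resolve"):
        return ["no [Resolve] section: systemd-resolved defaults apply"]
    r = cp["Resolve"]
    findings = []

    # DNS= must name only the local nextdns listener.
    dns = r.get("DNS", "").split()
    if dns != [EXPECTED_DNS]:
        findings.append(f"DNS={' '.join(dns) or '(unset)'}, expected {EXPECTED_DNS}")

    # An explicit empty FallbackDNS= clears the compiled-in fallback list.
    if "FallbackDNS" not in r:
        findings.append("FallbackDNS not set: compiled-in fallback servers remain")
    elif r["FallbackDNS"].strip():
        findings.append("FallbackDNS lists servers: " + r["FallbackDNS"].strip())

    # Domains=~. routes every lookup to the global DNS= server.
    if "~." not in r.get("Domains", "").split():
        findings.append("Domains lacks '~.': per-link DNS servers may be used")

    # The stub listener defaults to on and occupies port 53 on 127.0.0.53.
    if r.get("DNSStubListener", "yes").strip().lower() not in ("no", "false", "0", "off"):
        findings.append("DNSStubListener is on: port 53 is not free for nextdns")
    return findings


if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("leaky", LEAKY)):
        print(name, audit_resolved_conf(sample) or "OK")
```

To audit a live system, pass the contents of /etc/systemd/resolved.conf to the function; drop-in files under resolved.conf.d are not merged by this check.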