Any way to persist NextDNS ID when dns-over-https is off?

One of the most common things I found myself doing is turning off NextDNS / encrypted DNS because some wifi network has a captive portal and it’s preventing that from opening. Sadly gl-inet stuff doesn’t have a smart mode for temporarily disabling it while authenticating (or let me bind the switch), so I have to disable it completely.

But when the router reboots while it’s off and I enable NextDNS again, the custom configuration profile setting is empty again and I have to look it up. Ended up having a note on my desktop with just the NextDNS ID so that I can copy-paste it into the router settings again :confused:

Any way to have this actually stick? Like some configuration setting file somewhere on the device?

Many captive portals rely on DNS hijacking for their implementation, so DNS encryption causes exceptions and there is no good way to switch them intelligently.


Yeah sadly that seems to be the case. Was thinking of something like - if no connection or if marked as a wifi hotspot, try to connect without dns-over-https

Or just have it bindable to the physical switch. On my Android phone I added a quick toggle for NextDNS for exactly that use case, so I can quickly turn it off when I am trying to join a public wifi network.

Is it possible to toggle it through SSH? I could hack together a script that just connects and turns it off as well :slight_smile:


Some faster methods will be considered later.

It’s a massive +1 from me.
I toggle between NextDNS and auto a lot and am forever having to look up my ID too!

And while you’re there, how about allowing “identifying the device”:
eg. For “John Router”, you would use as your DNS-over-TLS endpoint.


So back to the original question, is there a config file I could write to persist the NextDNS ID? All I want for now is that it doesn’t get wiped when I switch DNS to “Automatic” and then at a later point back to NextDNS

The ID is embedded in the /etc/config/stubby file and cannot currently be saved when switching.
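
One way to keep a copy of the ID before switching DNS modes, as an added example that is not part of the original posts or the GL.iNet firmware. It assumes the ID appears in `/etc/config/stubby` as the first label of a `tls_auth_name` value (`<id>.dns.nextdns.io`); the backup path and function names are hypothetical.

```shell
#!/bin/sh
# Added example (not GL.iNet code): keep a copy of the NextDNS ID that the
# firmware stores in the stubby config, so it survives a switch to "Automatic".
# Assumption: the ID is the first label of a UCI line such as
#     option tls_auth_name 'abc123.dns.nextdns.io'
STUBBY_CONF="${STUBBY_CONF:-/etc/config/stubby}"
ID_BACKUP="${ID_BACKUP:-/etc/nextdns_id.saved}"   # hypothetical backup path

# sed script: skip an optional quote, capture <id> before .dns.nextdns.io.
PATTERN='s/^[[:space:]]*option[[:space:]]\{1,\}tls_auth_name[[:space:]]\{1,\}'
PATTERN="$PATTERN"'[^A-Za-z0-9]\{0,1\}\([A-Za-z0-9]\{1,\}\)\.dns\.nextdns\.io.*$/\1/p'

# Print the NextDNS ID found in config file $1; return 1 if there is none
# (file missing, or the resolver entry was wiped by the DNS mode switch).
extract_nextdns_id() {
    id=$(sed -n "$PATTERN" "$1" 2>/dev/null | head -n 1)
    [ -n "$id" ] || return 1
    printf '%s\n' "$id"
}

# Write the current ID to the backup file. If the config no longer holds an
# ID, leave the previous backup untouched instead of overwriting it.
save_nextdns_id() {
    id=$(extract_nextdns_id "$STUBBY_CONF") || return 1
    ( umask 077; printf '%s\n' "$id" > "$ID_BACKUP" )
}

case "${1:-}" in
    save) save_nextdns_id || echo "no NextDNS ID in $STUBBY_CONF; backup kept" >&2 ;;
    show) cat "$ID_BACKUP" ;;
esac
```

Run it with `save` while NextDNS is enabled and with `show` to read the ID back after the setting has been cleared.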

Discovered a small workaround

It means no DNSSEC, but what you can do is set the NextDNS IPv4 and IPv6 addresses as “manual” DNS servers on the gl-inet router. Then enable Dynamic DNS support and copy the glddns address into NextDNS as “linked IP”.

Because it’s just a manual DNS and not encrypted, it still allows captive portals. Not perfect because obviously would prefer DNS-over-TLS or HTTPS, but better than constantly switching back and forth…