If you are European, no obvious problem that if you live in other contexts, your response can increase
it’s all foss and believe me, it deserves a nice donation of 10 € for the service that the dns offers compared to the classic anycast on 5500 servers with different data laws for each country
They are also free in Beta, lets you configure ad/malware/tracker blocking as well as white/black list, logs and analytics(!) and supports DNS-TLS (and DNS over HTTPS or DoH). It took a bit of configuration, but replacing the 1.1.1.1 stubby config with the one on the NextDNS.io setup page worked perfectly. Even the direct dnsmasq.conf adjustments worked, but I wanted the encryption.
As far as paid, the VPN services (including the new wireguard ones!) are better than trying to do the cut-paste stuff by hand. And you can always just use the files.
And as far as I know the base DNS service would still be free, only the blocks/logs/etc. and only after 300k inquiries.
Before anything else save a config backup and maybe ssh in and tar /etc into a file and save it off so you can restore things if they go wrong.
First make sure in the main setup, advanced, DNS tab you are using the 1.1.1.1 cloudflare and override for all (and I turn on rebind prevention) and that it works to resolve.
Go into /etc/config/stubby using SSH and replace the 1.1.1.1 references with the nextdns versions, you will see this in the setup/linux tab in the my.nextdns.io (assuming you are using an account). My id has been replaced with 123456, but you can also use the generic values if you aren’t using an account and analytics. I add the device ID so I know which router or device (I can do this with android and windows directly).
Which in the dnsmasq stanza in /etc/config/dhcp looks like:
	option boguspriv '1'
	option noresolv '1'
	option strict-order '1'
	list server '2a07:a8c1::75:76e5'
	list server '45.90.30.81'
	list server '2a07:a8c0::75:76e5'
	list server '45.90.28.81'
	option add-cpe-id '123456'
I don’t know if the analytics trick of using MyRtr-123456 would work. But you can get your blocking with your account.
so the default stubby(DNS over TLS from Cloudflare) file uses cloudflare. this file is located at /etc/stubby/stubby.yml
first command backs up default file to stubby.yml.cloudflare
and then clear /etc/stubby/stubby.yml and enter replacement info for nextdns
then go to gli-webadmin\More\custom_dns_server\DNS over TLS from Cloudflare
and disable and hit apply,
then enable and hit apply
or
(service stubby restart) from cli
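The backup-and-replace step described in the post above, as an added example that is not part of the original thread: it keeps the original file as stubby.yml.cloudflare, writes a DoT-only config, and installs it only if strict TLS authentication is enforced for every upstream. The function names, the config ID and device tag arguments, the 192.0.2.x addresses and the listen port are assumptions; take the real endpoint values from the NextDNS setup page.

```shell
#!/bin/sh
# Added example, not from the thread. CONFIG_ID, DEVICE_TAG and the
# 192.0.2.x addresses are placeholders: copy the real endpoint values from
# the NextDNS setup page. LISTEN is an assumption (OpenWrt package default).
LISTEN=${LISTEN:-127.0.0.1@5453}

# check_stubby FILE: succeed only if the config is DNS-over-TLS only, with
# certificate-name validation required and a name set for every upstream.
check_stubby() {
    body=$(grep -v '^[[:space:]]*#' "$1") || return 1
    printf '%s\n' "$body" | grep -Eq '^tls_authentication:[[:space:]]*GETDNS_AUTHENTICATION_REQUIRED' || return 1
    printf '%s\n' "$body" | grep -q 'GETDNS_TRANSPORT_TLS' || return 1
    # Any UDP/TCP transport entry allows a plaintext fallback.
    if printf '%s\n' "$body" | grep -Eq 'GETDNS_TRANSPORT_(UDP|TCP)'; then return 1; fi
    addrs=$(printf '%s\n' "$body" | grep -c 'address_data:' || true)
    names=$(printf '%s\n' "$body" | grep -c 'tls_auth_name:' || true)
    [ "$addrs" -gt 0 ] && [ "$addrs" -eq "$names" ]
}

# write_stubby FILE CONFIG_ID DEVICE_TAG ADDR...
# Keeps the first original as FILE.cloudflare, builds FILE.new, and only
# replaces FILE when check_stubby accepts the result.
write_stubby() {
    f=$1; id=$2; tag=$3; shift 3
    if [ -f "$f" ] && [ ! -f "$f.cloudflare" ]; then
        cp -p "$f" "$f.cloudflare" || return 1
    fi
    {
        echo 'resolution_type: GETDNS_RESOLUTION_STUB'
        echo 'dns_transport_list:'
        echo '  - GETDNS_TRANSPORT_TLS'
        echo 'tls_authentication: GETDNS_AUTHENTICATION_REQUIRED'
        echo 'listen_addresses:'
        echo "  - $LISTEN"
        echo 'upstream_recursive_servers:'
        for a in "$@"; do
            echo "  - address_data: $a"
            # Optional tag prefix labels this device in logs and analytics.
            echo "    tls_auth_name: \"${tag:+$tag-}$id.dns1.nextdns.io\""
        done
    } > "$f.new" || return 1
    if check_stubby "$f.new"; then mv "$f.new" "$f"; else rm -f "$f.new"; return 1; fi
}
```

Running check_stubby against an existing /etc/stubby/stubby.yml before restarting the service shows whether a leftover UDP or TCP transport entry would let queries leave unencrypted.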
Can/Howto do device tags in DNSCrypt?
i.e. you say
“6ffa65.dns1.nextdns.io”
for the authname, prefixing it, e.g. “MyRouter1-6ffa65…” will add a tag to your logs and analytics (so I can tell which device is requesting).
Also you can still put 0.0.0.0 entries in the hosts file with stubby to stop the chatter and log clutter when you can’t stop it at the source. e.g. I have a camera that wants to phone home to p2p.vendorname.com every few hours even though I have the feature disabled. I added this to hosts with 0.0.0.0 and my logs cleaned up. (tip, also add “0.0.0.0 ANY” so netstat will show that instead of the first blocked entry).
yes if you go to nextdns.io and create an account you can create custom configurations for different devices. from nextdns.io usersetting page you can create a new config under the setup tag in the top left corner above it. Or rename your current one under settings. you can then go back to the setup page and look for your own custom ID under Endpoints and change every instance of 6ffa65 from above at the end of stubby.yml and replace with your custom id. works great.
This is a really neat service because it allows you to basically run adblock on a remote device and offload the cpu power and also allows you to block sites that are application specific like snapchit and facedump or even ebayt.
I did not dig into this when I originally posted this but now that I have I have nothing but good things to say about it.
so there is a snapshot testing bin for ar750 /firmware/ar750/snapshots/openwrt-ar750-3.103-0302.bin with NextDNS support with stubby.
I enabled it but did not notice the change in /etc/stubby/stubby.yml so I have to assume the settings are coming from elsewhere as a script. reason I’m asking is because it is not pointing to nextdns but still showing cloudflare. also if you’re going to set for nextdns you still need an entry box for clientid to be entered. wow i wish most companies out there acted rather than only just listened to their customers. great job on moving forward with this. keep up the great work.
no complaints. it is working already with the above posts just hope you guys find time to have it so you can insert client id info. glad you chose to do it with stubby instead of nextdns. I prefer stubby version.
I just had an idea. since you guys do /etc/openevpn/ovpn0 ovpn1 ovpn2
maybe you could do /etc/stubby/stby1/stubby.yml
and higher for custom stubby choices outside of cloudflare and nextdns?
This solution is not good for me. After 5-10 min the internet goes down. Only restarting DoT helps, but not for long ((( My Mango has 3 mb free memory and if I install curl (for the solution from GitHub) memory will be 0 mb. But I need Midnight Commander and it’s 3 mb too. NextDNS is one of my favorite services, damn… Need a new firmware)