Feature request: Support NextDNS for DOT #2045

Open
patrickhousley opened this issue Jan 13, 2024 · 5 comments
Comments

@patrickhousley

What's the feature 🧐

Can you add support for using NextDNS as a DOT provider?

https://my.nextdns.io/

Extra information and references

No response

@patrickhousley (Author)

This is their Unbound setting for my DNS account.

Unbound
Use the following in unbound.conf:
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 45.90.28.0#[redacted].dns.nextdns.io
  forward-addr: 2a07:a8c0::#[redacted].dns.nextdns.io
  forward-addr: 45.90.30.0#[redacted].dns.nextdns.io
  forward-addr: 2a07:a8c1::#[redacted].dns.nextdns.io

The forward addresses are going to be unique to each person's account. The [redacted] part is the profile ID from the NextDNS account.

@qdm12 (Owner)

qdm12 commented Jan 29, 2024

What's their DNS over HTTPS address as well?

All DNS work is paused until #1742 gets finished. This will move away from Unbound to do more fun things using my own Go code (and will resolve a lot of Gluetun issues). I can however look into incorporating nextdns into the list of providers at https://github.com/qdm12/dns/tree/v2.0.0-beta/pkg/provider but the minimum requirement is to have DNS over TLS + DNS over HTTPS for now.

@patrickhousley (Author)

patrickhousley commented Jan 29, 2024

@qdm12 If you want to drop me an email at patrick<dot>f<dot>housley<at>protonmail<dot>com I will set you up with access to a pro service.

@patrickhousley (Author)

[image attachment]

@aetha

aetha commented Jun 18, 2024

I use NextDNS too and I figured I'd provide some more info.

They provide methods to label your devices by name in your personal account logs, rather than just by IP address. (I find this helpful to diagnose issues, and have Switzerland set as my storage location for privacy.)

Identify your devices

Follow the instructions below to identify your devices in Analytics and Logs.

DNS-over-TLS/QUIC

Prepend the name to the provided domain (the name should only contain a-z, A-Z, 0-9 and -). Use -- for spaces.
For "John Router", you would use John--Router-XXXXXX.dns.nextdns.io as your DNS-over-TLS endpoint.

DNS-over-HTTPS

Append the name to the provided URL (the name should be URL encoded).
For "John's Firefox", you would use https://dns.nextdns.io/XXXXXX/John's%20Firefox as your DNS-over-HTTPS endpoint.

Where 'XXXXXX' is the user's 6-digit hexadecimal profile identifier. These personal DoT domains seem to resolve to the same IP address as plain 'dns.nextdns.io', so I think the device/profile subdomain only needs to be used inside the TLS connection.

dns.nextdns.io is geolocation routed to a nearby endpoint. Their main servers are in the US and reside in their allocated block 45.90.28.0/22 (45.90.28.0 - 45.90.31.255). NextDNS's own DoH proxy daemon seems to connect first to a US server, then uses it to resolve to a closer endpoint. Log for example:

nextdns[13318]: Connected 45.90.30.0:443 (con=9ms tls=68ms, TCP, TLS13)
nextdns[13318]: Connected 103.137.14.21:443 (con=7ms tls=52ms, TCP, TLS13)
nextdns[13318]: Switching endpoint: https://dns.nextdns.io#103.137.14.21,67.219.103.157
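As an added illustration of the endpoint rules quoted above (not code from this thread, from gluetun or from NextDNS): the Go program below builds the per-profile DoT server name and DoH URL from a profile ID and an optional device label, rejecting names outside the documented character set instead of silently mangling them, and renders the same Unbound forward-zone block that was posted earlier in the thread. The profile ID "abc123" and the device names are constructed placeholders; the four forwarder addresses are the ones from the posted unbound.conf. Go's url.PathEscape also percent-encodes the apostrophe, so "John's Firefox" comes out as John%27s%20Firefox rather than John's%20Firefox; both decode to the same path segment.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Anycast forwarders from the unbound.conf snippet posted in this thread.
// They are the same for every profile; only the "#name" suffix is personal.
var nextDNSForwarders = []string{"45.90.28.0", "2a07:a8c0::", "45.90.30.0", "2a07:a8c1::"}

// profileIDPattern matches the 6-digit hexadecimal profile identifier.
var profileIDPattern = regexp.MustCompile(`^[0-9a-fA-F]{6}$`)

// dotLabelPattern is the character set NextDNS allows in a DoT device label
// (a-z, A-Z, 0-9 and "-"; spaces are written as "--").
var dotLabelPattern = regexp.MustCompile(`^[A-Za-z0-9-]+$`)

func checkProfileID(profileID string) error {
	if !profileIDPattern.MatchString(profileID) {
		return fmt.Errorf("profile ID %q is not 6 hexadecimal digits", profileID)
	}
	return nil
}

// DoTServerName returns the TLS server name for a profile, with an optional
// device label in front: "John Router" -> "John--Router-XXXXXX.dns.nextdns.io".
// A label that cannot be expressed in the allowed character set is an error.
func DoTServerName(profileID, device string) (string, error) {
	if err := checkProfileID(profileID); err != nil {
		return "", err
	}
	if device == "" {
		return profileID + ".dns.nextdns.io", nil
	}
	label := strings.ReplaceAll(device, " ", "--")
	if !dotLabelPattern.MatchString(label) {
		return "", fmt.Errorf("device name %q: only a-z, A-Z, 0-9, - and space are allowed", device)
	}
	return label + "-" + profileID + ".dns.nextdns.io", nil
}

// DoHURL returns the DNS-over-HTTPS endpoint with the device name URL-encoded
// as a single path segment (url.PathEscape encodes space as %20 and ' as %27).
func DoHURL(profileID, device string) (string, error) {
	if err := checkProfileID(profileID); err != nil {
		return "", err
	}
	endpoint := "https://dns.nextdns.io/" + profileID
	if device != "" {
		endpoint += "/" + url.PathEscape(device)
	}
	return endpoint, nil
}

// UnboundForwardZone renders the forward-zone block from the thread for a
// server name. The "IP#name" form tells Unbound which name to authenticate the
// upstream TLS certificate against, so the profile and device label only
// travel inside the TLS session, matching the observation that the personal
// domains resolve to the same addresses as plain dns.nextdns.io.
func UnboundForwardZone(serverName string) string {
	var b strings.Builder
	b.WriteString("forward-zone:\n  name: \".\"\n  forward-tls-upstream: yes\n")
	for _, ip := range nextDNSForwarders {
		fmt.Fprintf(&b, "  forward-addr: %s#%s\n", ip, serverName)
	}
	return b.String()
}

func main() {
	// "abc123" is a constructed placeholder, not a real profile ID.
	name, err := DoTServerName("abc123", "John Router")
	if err != nil {
		panic(err)
	}
	fmt.Print(UnboundForwardZone(name))
	doh, err := DoHURL("abc123", "John's Firefox")
	if err != nil {
		panic(err)
	}
	fmt.Println(doh)
}
```

Running it prints the forward-zone block with John--Router-abc123.dns.nextdns.io as the authentication name on all four forwarders, followed by the DoH URL. Keeping the validation strict matters because the label ends up in SNI and in certificate verification: a silently "corrected" name would still connect, but to an endpoint that logs under a different device than intended.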
