Is enabling dynamic DNS on my router a security risk

My ISP only supports IPv4. I want to have NextDNS installed at router level but I appreciate I need either a fixed IP (which I don't have) or dynamic DNS. I can create a dynamic DNS to do this (with TP Link). Is this a security risk? Thanks

13 replies

    • frsfrt
    • 2 yrs ago

    No, DDNS doesn't have any security risk. The only thing it does is periodically send your public IP to a server like NOIP or DuckDNS.

    • losnad
    • 2 yrs ago

    For someone who's not an expert in this field, like me, things can be confusing.

    I suggest you read the Knowledge Base and search for what you don't know or understand. There are articles online, you can read some things on Wikipedia, and maybe there are articles in your own language, as I think English isn't your first language, as it isn't mine.

    There are IP v4 and v6.

    DNS v4, v6, tls, https, quic

    UDP, TCP

    A, AAAA, CNAME

    But you don't need to know all, I don't, to use NextDNS or other everyday applications.

    Are you absolutely sure your provider only has IPv4? Not that it matters, yet, as everything on the internet still has IPv4.

    Even when you only have IPv4, it does not mean that you need to use DNS v4. Some devices have the option to set DNS over HTTPS, TLS etc. If you install the NextDNS CLI https://github.com/nextdns/nextdns/wiki or you set DNS v6, HTTPS, TLS, QUIC, you don't need Dynamic DNS. If possible you should not use DNS v4 or v6 as they are not encrypted.

    Cloudflare Warp DNS app is not a VPN that hides the IP, it just uses the VPN protocol for connection, just like the NextDNS app for mobile or the AdGuard app I use. It is still just a DNS. If you use NextDNS in HTTPS, TLS, QUIC I don't see why you need Warp. When you use unsecured networks use Tor or Opera (with VPN on) browser, or another trusted VPN. Some free VPNs are garbage, they leaked or sell users' data.

    Nobody on the internet can replace self-learning: read, test, understand. At least this is what I did.

      • Martheen
      • 2 yrs ago

      losnad I'm not sure why you bring Cloudflare Warp into the mix. Cloudflare Warp is a VPN, it initiates a WireGuard connection to the nearest Cloudflare node for all traffic, there is even an app to extract this configuration and use it on a plain WireGuard client. The difference from other VPN apps is Cloudflare includes the original IP in the header which is readable for sites hosted on Cloudflare. So if the goal is to hide the traffic from the ISP/wifi owner, Warp offers the same protection as other VPNs.

      • losnad
      • 2 yrs ago

      This is why it is in the mix: https://help.nextdns.io/t/m1hfg86/ios-14-5-using-nextdns-and-vpn-together

      As for the rest, I already know all that.

      For me the ISP is lower (than the likes of Google and Facebook) on the scale of entities I want to hide from.

      • Ell_War
      • 2 yrs ago

      losnad thanks - on the VPN point - I am not worried about hiding my IP or geo location stuff or the like. My sole purpose for using a VPN is on untrusted WiFi networks to prevent eavesdropping, man in the middle etc. Yes, I can use HTTPS to encrypt my connection, but when on mobile apps rather than a browser etc that's difficult to know for sure, which means there could be unencrypted traffic on the network. Maybe I am overthinking this,  but common advice is to be careful on public WiFi? Any suggestions of how to combine NextDNS (or something like it) with a VPN when using public WiFi? PS I also recognise a lot of free VPNs sell user data etc and I am generally very sceptical of them, but Warp seems legit. 

      • Roger_Wright
      • 2 yrs ago

      Ell War I use NextDNS via Private DNS on my Android devices, have it set on my iOS 14.x devices, and with YogaDNS on my Windows 10 PCs.   

      I'm able to use my VPNs, VPN Unlimited (paid) and Windscribe (free) in conjunction with this configuration on all the devices.   On my mobile devices, the VPN automatically kicks in whenever I connect to an untrusted Wi-Fi network.   

      I selected VPN Unlimited and Windscribe because they support the WireGuard protocol for improved speed. Windscribe barks a little about not liking my DNS configuration but it works fine.

      • losnad
      • 2 yrs ago

      I didn't say anything bad about Warp. It might be great, but I prefer a different setup.

      A free option is to use Tor, the browser or even Orbot as a system wide protection when in public/untrusted network. There are some downsides.

      My mindset is different than yours, I think privacy is important, I don't want the ISP and the companies like Google or Facebook to know more about me than myself.

      I use Tor, Firefox, (Brave, Opera) AdGuard with NextDNS and AdGuard VPN.

      I don't know which VPN services allow you to manually set the DNS but there are a few which seem very good like ExpressVPN, Surfshark, NordVPN... I only tried ExpressVPN.

      More here:

      https://help.nextdns.io/t/60hf68n/how-to-set-up-and-use-nextdns-with-adguard-app-in-android

      • Ell_War
      • 2 yrs ago

      Roger Wright thanks. I actually have VPN Unlimited - bought a lifetime subscription - but not sure how much I trust them to be honest (the price was ridiculously low so I don't see how it is much different to a free VPN). In any case, I've set up my iPhone to have NextDNS as the DNS and connected to the VPN Unlimited VPN. Whether I toggle on or off the NextDNS, my DNS lookup on whatsmydnsserver.com remains the same, i.e. NextDNS is not being used and my system is using the VPN Unlimited DNS details. How did you get the NextDNS settings to override the VPN Unlimited ones? Thanks

      • Roger_Wright
      • 2 yrs ago

      Ell War I'm not sure. When I have VPN Unlimited activated with NextDNS set, I see my queries in the NextDNS logs so they're going through NextDNS for resolution, and the filters are working to block some sites. I do have Block Bypass Methods enabled under Parental Controls.

      • Roger_Wright
      • 2 yrs ago

      Ell War I know what you mean about VPN Unlimited (I'm not confident of their logging policy), but I've been very happy with the service simply for the automated protection with untrusted Wi-Fi, and WireGuard support provides a noticeably faster connection. I've had the lifetime plan for about 5 years now (think it was just $30) and have a portable router configured with the VPN - great for traveling.

      • Ell_War
      • 2 yrs ago

      Roger Wright yep - I bought that lifetime plan too. So you have VPN Unlimited on a router rather than on iOS? I am trying to get the WireGuard tunnel installed on my iPhone to work with the NextDNS. I'll try block bypass and see what happens....

      • Roger_Wright
      • 2 yrs ago

      Ell War The VPN is configured on my travel router, not my home router.  I only use it occasionally. 

      We still use the VPN UNL app on our phones, along with NextDNS, for untrusted wi-fi connections.   

      • Ell_War
      • 2 yrs ago

      Thanks Roger Wright I couldn't get NextDNS working on iOS when using any VPN.

      Where I've left it is on iOS I think I'm going to use:

      1. Warp VPN on untrusted networks (without NextDNS but it has a malware DNS blocker, 1.1.1.3).

      2. VPN Unlimited for occasional uses e.g. geo-location type requirements (again, without NextDNS).

      3. NextDNS for cellular data and on my trusted WiFi networks. 
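
An added illustration, not written by any poster in this thread, of why losnad's point about unencrypted DNS bears on the original question: a plain DNS packet carries the queried name in clear text and nothing that identifies a NextDNS profile (so the service can only match it by source IP, hence the fixed IP or DDNS), while the DNS-over-HTTPS form (RFC 8484) carries both the query and the profile ID inside TLS. The profile ID `abc123` is a constructed placeholder, and `https://dns.nextdns.io/<profile-id>` is assumed to be the profile's DoH endpoint as listed on its NextDNS setup page.

```python
import base64
import struct


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode a DNS query in RFC 1035 wire format (qtype 1 = A record)."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN


def name_visible_on_wire(packet: bytes) -> str:
    """Read the queried name back out of a plain UDP/53 payload.

    No key is needed: this is what the ISP or the operator of an
    untrusted Wi-Fi network sees for every unencrypted lookup.
    """
    labels, i = [], 12  # the question section follows the 12-byte header
    while packet[i] != 0:
        n = packet[i]
        labels.append(packet[i + 1 : i + 1 + n].decode("ascii"))
        i += 1 + n
    return ".".join(labels)


def doh_get_url(packet: bytes, profile_id: str) -> str:
    """RFC 8484 GET form: the same packet, base64url without padding.

    The whole URL travels inside HTTPS, so an on-path observer sees only
    a TLS connection to the resolver. The profile ID sits in the path,
    which is why no linked IP (and no DDNS) is needed in this mode.
    profile_id is a placeholder supplied by the caller.
    """
    b64 = base64.urlsafe_b64encode(packet).rstrip(b"=").decode("ascii")
    return f"https://dns.nextdns.io/{profile_id}?dns={b64}"


if __name__ == "__main__":
    pkt = build_query("www.example.com")  # constructed sample lookup
    print("plain DNS payload:", pkt)
    print("observer recovers:", name_visible_on_wire(pkt))
    print("DoH request URL  :", doh_get_url(pkt, "abc123"))
```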
