NextDNS is set on the router but NextDNS says it’s using Cloudflare instead.
Everything is set properly. I can even see web traffic from my devices, in a way: I can only see trackers, not websites. For all of you who don't understand Dutch, the image is saying it's not connected to NextDNS at all.
12 replies
-
It confuses me.
-
Does anyone know why?
-
It means your "Laptop" and/or "Browser" is using Cloudflare public DNS.
-
@Tijm if you like to continue in Dutch then PM me.
On the laptop, which browser do you use?
-
What I do to enforce system-wide DNS:
1 - Configure the DNS I want on the router/firewall device as a forwarder, e.g. NextDNS.
2 - Set a NAT rule so that any outbound traffic to port 53 UDP and TCP that isn't going to your LAN DNS IP address is forwarded to your LAN DNS IP. This basically will forcefully redirect anything attempting to use unauthorised legacy DNS to your resolver, which then forwards to NextDNS.
3 - Blocking unauthorised use of DoH is more difficult, as it uses the HTTPS port, which is an administrator's nightmare to control. One option, if you have local DNSBL capabilities such as pfBlockerNG, is to load a DoH block list so anything going to a DoH server is blocked; typically any software doing this will fall back to system DNS instead of failing the DNS query. Or you can do it in the firewall directly if the firewall supports URL aliases to convert to IPs to block. Block with a reject, not a silent drop, for fast fallback to system DNS; I prefer the firewall method. Obviously, if you are blocking DoH, you might need to whitelist/exclude any DoH you want accessible over your network, e.g. NextDNS.
Once you have done all this, and assuming your DHCP is sending the correct local DNS IP to clients, you don't need to worry about individual devices using unauthorised DNS services.
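The three steps in the reply above, written out as an nftables ruleset for a Linux router (an added example, not from the thread or from NextDNS). The interface name, the LAN resolver address, the DoH allow list and the DoH block list are all placeholders; the block list uses TEST-NET addresses and must be replaced with a real DoH-server list before use.

```shell
#!/bin/sh
# Added example: nftables rules that redirect plain DNS to the LAN resolver
# and reject DoH to known resolvers (reject, not drop, for a fast fallback).
# All values below are assumptions; override them via the environment.
LAN_IF="${LAN_IF:-lan0}"                                 # LAN-side interface
LAN_DNS="${LAN_DNS:-192.168.1.1}"                        # local resolver (here: the router itself)
DOH_ALLOW="${DOH_ALLOW:-198.51.100.10, 198.51.100.11}"   # placeholder: your provider's DoH IPs
DOH_BLOCK="${DOH_BLOCK:-192.0.2.0/24, 203.0.113.53}"     # constructed sample block list

gen_dns_enforcement_rules() {
    cat <<EOF
table ip dns_enforce {
    set doh_allow { type ipv4_addr; elements = { $DOH_ALLOW } }
    set doh_block { type ipv4_addr; flags interval; elements = { $DOH_BLOCK } }

    # Step 2: any 53/udp or 53/tcp from the LAN that is not already aimed at
    # the local resolver is rewritten to it (legacy DNS cannot bypass it).
    # If the resolver is a separate LAN host rather than the router, add a
    # postrouting masquerade for this traffic so replies return via the router.
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname "$LAN_IF" ip daddr != $LAN_DNS udp dport 53 dnat to $LAN_DNS
        iifname "$LAN_IF" ip daddr != $LAN_DNS tcp dport 53 dnat to $LAN_DNS
    }

    # Step 3: whitelisted DoH resolvers pass first; everything else on the
    # block list gets an active reject so clients fall back to system DNS.
    chain forward {
        type filter hook forward priority filter; policy accept;
        iifname "$LAN_IF" ip daddr @doh_allow tcp dport 443 accept
        iifname "$LAN_IF" ip daddr @doh_block tcp dport 443 reject with tcp reset
        iifname "$LAN_IF" ip daddr @doh_block udp dport 443 reject
    }
}
EOF
}

# Print the ruleset; with --check, also run nft's syntax check without loading it.
main() {
    gen_dns_enforcement_rules
    if [ "$1" = "--check" ] && command -v nft >/dev/null 2>&1; then
        gen_dns_enforcement_rules | nft -c -f -
    fi
}
main "$@"
```

Load it with `gen_dns_enforcement_rules | nft -f -` on the router; DHCP must still hand out `LAN_DNS` so clients use the resolver by default and only the stragglers hit the redirect.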