Improved ID prediction for unauthorized use
Hi,
Recently, some users reported that their NextDNS ID was being used without being exposed. I know it's easy to create a new ID and use it. But if I set it up for my family, do I have to borrow each family member's device and set it up again? Seems like a waste of time!
I have the following ideas:
- Increase the number of characters in the ID, to prevent guessing the ID used.
- Add ID authentication feature when using encrypted DNS. Adguard DNS already has a similar feature https://adguard-dns.io/en/blog/private-adguard-dns-v2-7.html
Hope to consider this idea. Thanks!
6 replies
-
If your logs show an unauthorized user, create a bunch of mean redirects for their most common lookups and wait a day. They'll stop using it :)
-
I've just moved over from AdGuard DNS and trying out nextdns...
I am shocked that there is no option to include authentication to the URL... at the very least a longer ID....
-
The IDs that are used illegally are often easy to predict, for example 123456. Currently, my ID has not been guessed or used illegally.
-
16^6 possible combinations, unlikely one will be guessed.
I would hope that NextDNS would know how much has been allocated already.
Just out of interest, what kind of percentage used would be a concern in your opinion? -
Users like to choose easy-to-remember IDs, which leads to easy-to-guess IDs. I have an account with a lot of easy-to-remember IDs like this.
When I use the API to generate a new ID, the number of IDs (like 100) in that account is reached, the number of characters will increase to 8 (or 10 characters) or something.
-
Content aside
-
2
Likes
- 8 days agoLast active
- 6Replies
- 95Views
-
4
Following