2

NextDNS can be bypassed easily

On windows 

I tried the DNS over HTTP but funnily the web-browsers completely bypasses it by default 

So I tried the NextDNS Windows app 

and it does make web-browsers respect the allow or denylists 

But the NextDNS windows  client can be easily shutdown by a standard user, can be disabled, can change the profile id 

I think an locking the settings behind a password or elevating the client to system level so a standard user cannot tamper will be really beneficial for simple SME use cases

3 replies

null
    • Luna.1
    • 2 days ago
    • Reported - view

    To eliminate the bypass, only a local firewall with corresponding block rules will help. A DNS cannot really help here.

    • hitchhiker
    • 5 hrs ago
    • Reported - view

    I may be possible to block some of the Browser settings using Group Policy, in such a way that a non admin user will not be able to set a custom DNS.

    • PCSPEZIALIST
    • 2 hrs ago
    • Reported - view

    You may install the client without UI and hide it from installed programs:

    msiexec /qn /i NextDNSSetup-X.X.X.msi PROFILE=abcdef UI=0 ARP=0

     

    Here is a guide:

    https://help.nextdns.io/t/83hsj8t/windows-client-mass-deployment-guide

Login to reply

Content aside

  • 2 Likes
  • 2 hrs agoLast active
  • 3Replies
  • 103Views
  • 5 Following