0

Different profiles on Pc / phone and router

Hello, I'm a total newby and not tech saavy as you all seem to be but I managed to implement nextDNS on my private network. I was wondering, if I want more restrictive settings for my children (they each have a specific PC and phone) and a moderately restrictive wifi router setting  applying to everyone in the house, do you know which of the two profiles will apply when they will use their PC on our home wifi ? Of course I want the more restrictive one, but I'd like to be sure and i didn't find the information. Thanks for reading, and a big thank to anyone can help me.

5 replies

null
    • Calvin_Hobbes
    • 2 mths ago
    • Reported - view

    You can (and should) create multiple profiles for NextDNS.    You can install NextDNS client on children's devices and use a profile designed for them.   The settings on the client will not see the profile used by the router.   

    You can verify everything is working how you intend by either looking at the logs or looking at the setup page within Nextdns.

      • Breillacq
      • 2 mths ago
      • Reported - view

       Thanks a lot, can I meet this goal (I don't know what a client is) by

      1. installing the nextdns app on their android phone and link it to the correct profile

      2. set up DNS-over-HTTPS on their windows laptop through the control panel ?

      Is it sufficient ?

      Thanks and sorry for these questions that must seem quite dumb to you ;)

      • Calvin_Hobbes
      • 2 mths ago
      • Reported - view

       you are asking the right questions!  I consider a “client” to be any device on the network (it’s a short hand way of saying computer, phone, tablet, smart tv, etc.).  
       

      The NextDNS client software  on the client device will communicate directly with the NextDNS servers and the router's configuration won’t be a factor 

      You said you’re using DNS over HTTPS, which means the traffic passing through the router will be indistinguishable from any other HTTPS traffic (that was done intentionally to make it very difficult to block DNS at the router).  

      The original DNS protocol could easily be blocked at the router.   It wasn’t encrypted and used a port number specific to DNS.   

      • Martheen
      • 2 mths ago
      • Reported - view

       Note that if your kids want to evade the restriction, it's very trivial for them to just set a non-blocking NextDNS address in the browser they use, which will ignore the NextDNS app and Windows DoH settings.

      • Breillacq
      • 2 mths ago
      • Reported - view

       Thanks Martheen

      i've set policies on their firefox preventing access to perferences, profiles and addons. They can't use any other browser through microsoft family safety. It seems sufficient to me, besides we talk quite often about these issues of online well-being.

Content aside

  • 2 mths agoLast active
  • 5Replies
  • 139Views
  • 3 Following