Next DNS with Little Snitch on MacOS
Hello All,
I am looking for guidance on how I can set up NextDNS with Little Snitch. When I set the DNS settings to custom and go with NextDNS, it only shows traffic to the Little Snitch Network Extension. I've tried a couple of different variations but haven't had any luck. After reading through some previous posts, I noticed that this seems to be a somewhat common problem, but I haven't found a reliable solution. Any suggestions or further troubleshooting you would suggest? Thanks!
11 replies
-
You can't use the NextDNS app and Little Snitch at the same time, but you can configure Little Snitch to use DoH to NextDNS like below. You don't need the NextDNS app or a NextDNS profile at all if you set it this way.
I even put my computer name at the end so it shows up as my MacBook Pro in NextDNS. It works great and you can use DNS over TLS too.
-
Thanks! I appreciate the support and quick reply. That's how I have it set up, but once I set that DNS up, I no longer saw any traffic other than to Little Snitch Network Extension. I don't have the NextDNS app or a NextDNS profile installed. Testing the DNS in Little Snitch shows it is working and NextDNS shows All Good.
-
-
I use a different firewall that is similar to Little Snitch called LuLu. It’s an open source firewall for MacOS and don’t recall having any issues using it with NextDNS
https://objective-see.org/products/lulu.html
if you look at the link above there’s a note regarding an issue of using MacOS builtin firewall with LuLu. The same issue might also apply to Little Snitch.
Im not going to be near my Mac for several days so I’m unable to look closer at it.
-
did you see my response to him/her? Lulu is basically a slimmed down, open-source version of Little Snitch. I’ve been using Little Snitch since 2008. It’s a fantastic product and supports encrypted DNS right out of the box. You don’t need to even use a DNS profile or the NextDNS app.
Look at the screenshots I posted. That’s a little snitch. He’s obviously already paid for it, so I can’t imagine him/her wanting to go to a free, open source version now.
-
Thanks! I may look into that if I can't get Little Snitch working.
I've seen a couple of suggestions that I should turn off the macOS firewall, but I don't understand why it would work beforehand and what changed by changing the DNS to NextDNS. -
I've never had to disable the macOS firewall to make all of this work. Personally, I think you have something wrong with your Little Snitch rules. Try temporarily disabling the network filter in Little Snitch to see if your queries go out then.
Keep in mind that NextDNS has a lot of DNS "partners," so DNS/DoH/DoT traffic would need to open to more than just the two IPs NextDNS assigned to you.Do you have any other network extensions loaded beside Little Snitch? Sometimes they can conflict with each other. Make sure you do not have the NextDNS app installed either.
Settings / Network / VPN & Filters:
-
It appears you were spot on with your diagnosis. While I didn't have any further Network Extensions installed or active, I suspect I may have messed up the filtering rules in Little Snitch. So, I went ahead and completely uninstalled Little Snitch, performed a hard restart, verified that NextDNS was working (updated the network DNS settings), reinstalled Little Snitch, updated the DNS settings there to NextDNS, and everything appears to be working as expected now. MacOS firewall is still enabled, I can see all the expected network traffic on Little Snitch, and NextDNS is Active.
Thanks so much for the support troubleshooting this issue! I really appreciate the insights and suggestions.
Cheers!
-
Good deal. Glad I was able to help that it worked for you.
-
-
NextDNS via LittleSnitch DNSCrypt does work without issues at my side... DoH/DoT and DoQ. Sadly only DoH can have the name of the device within it's domain name - so when using DoT and DoQ you cannot see the device name in the logs of NextDNS or am I wrong?
Content aside
- 43 min agoLast active
- 11Replies
- 198Views
-
4
Following