Complete Network blocking

Could there be an option to immediately block all DNS requests (essentially doing a complete network block) except to NextDNS (so you can still log in and unblock) in case of an emergency, e.g. viruses or ransomware spreading or suddenly high internet traffic from your home network? There have been cases where the only way was to log in and turn off the internet link, essentially also locking yourself out.

  • This can be better configured at router level

      • Vitor
      • 1 yr ago

      DynamicNotSlow yes, but NextDNS is so much easier... They could implement this with a scheduler, for parental control of internet time usage, very useful!!!

      • DynamicNotSlow
      • Pro subscriber ✓
      • 1 yr ago

      Vitor no that's not possible.

      Devices can circumvent DHCP DNS and even manually configured DNS on devices in many ways.

  • Install https://github.com/hjk789/NXEnhanced, create a new config, block all TLDs then add the allowlist for NextDNS domains, and export the config. When you want to block all DNS requests, just import that config to your current config (after backing it up first), then restore from the backup when you're done.

    This obviously only works against malware that somehow still honors OS/router DNS config. I doubt it; making their own DoH client is easier than ever, and since you still whitelist the NextDNS domain, they can even make a request to an unfiltered NextDNS config.

  • Say I am on vacation and I immediately need to block my home internet or office internet and I only have my phone with me. I could log in to NextDNS and just block everything.

      • DynamicNotSlow
      • Pro subscriber ✓
      • 1 yr ago

      Jaco Marais doesn't make sense, as DNS settings can easily be bypassed

      • SLCW
      • 1 yr ago

      DynamicNotSlow 

      Disabling DNS (except for nextdns.io) wouldn't stop every possible attack, but it would stop a lot of things simply because most software is configured to use host names instead of hard-coded IP addresses. The ability to quickly lock down your DNS would go a long way in mitigating potential damage. 
