
Complete Network blocking

Could there be an option to immediately block all DNS requests (essentially doing a complete network block) except to NextDNS (so you can still log in and unblock) in case of an emergency, e.g. viruses or ransomware spreading or suddenly high internet traffic from your home network? There had been cases where the only way was to log in and turn off the internet link, essentially also locking yourself out.

7 replies

    • Pro subscriber ✓
    • DynamicNotSlow
    • 4 yrs ago

    This can be better configured at router level

      • Vitor
      • 4 yrs ago

      DynamicNotSlow yes, but NextDNS is so much easier... they could implement this with a scheduler, for parental control of internet time usage, very useful!!!

      • Pro subscriber ✓
      • DynamicNotSlow
      • 4 yrs ago

      Vitor no that's not possible.

      Devices can circumvent DHCP DNS and even manually configured DNS on devices in many ways.

    • Martheen
    • 4 yrs ago

    Install https://github.com/hjk789/NXEnhanced, create a new config, block all TLDs then add the allowlist for NextDNS domains, and export the config. When you want to block all DNS requests, just import that config to your current config (after backing it up first), then restore from the backup when you're done.

    This obviously only works against malware that somehow still honors OS/router DNS config. I doubt it; making their own DoH client is easier than ever, and since you still whitelist the NextDNS domain, they can even make a request to an unfiltered NextDNS config.
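
The lockdown rule described in the reply above (block everything, allow only the NextDNS domains), modelled as an added example that is not part of the original post and is not NextDNS's own code. The allowlist entry `nextdns.io`, the label-wise matching rule and all function names are assumptions made for illustration.

```python
# Added example: models "deny every name, allow only allowlisted domains
# and their subdomains". Assumption: allowlist entries match on whole DNS
# labels; this is a model, not NextDNS's implementation.

ALLOWLIST = ("nextdns.io",)  # assumed entry, taken from the thread's wording


def normalize(name: str) -> str:
    """Lower-case and strip the trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()


def is_allowed(qname: str, allowlist=ALLOWLIST) -> bool:
    """True if qname equals an allowlisted domain or is a subdomain of one."""
    labels = normalize(qname).split(".")
    if any(label == "" for label in labels):
        return False  # empty name or empty label: malformed, deny
    for entry in allowlist:
        entry_labels = normalize(entry).split(".")
        # Compare whole labels from the right, so "evilnextdns.io" and
        # "nextdns.io.example.com" do not match "nextdns.io".
        if (len(labels) >= len(entry_labels)
                and labels[-len(entry_labels):] == entry_labels):
            return True
    return False


def evaluate(queries, allowlist=ALLOWLIST):
    """Return {qname: 'allow' | 'block'} for a batch of query names."""
    return {q: ("allow" if is_allowed(q, allowlist) else "block")
            for q in queries}


# Constructed sample queries, not taken from any real log.
SAMPLE_QUERIES = [
    "my.nextdns.io",
    "NextDNS.io.",
    "evilnextdns.io",
    "nextdns.io.example.com",
    "updates.example.org",
]

if __name__ == "__main__":
    for name, verdict in evaluate(SAMPLE_QUERIES).items():
        print(f"{verdict:5}  {name}")
```

Traffic that uses its own resolver or never issues a DNS query does not pass through a check like this, which is the limitation raised in the reply.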

    • Network Engineer
    • Xion_kzn
    • 4 yrs ago

    Say I am on vacation and I immediately need to block my home Internet or office internet and I only have my phone with me. I could log in to NextDNS and just block everything.

      • Pro subscriber ✓
      • DynamicNotSlow
      • 4 yrs ago

      Jaco Marais doesn't make sense, as DNS settings can easily be bypassed

      • SLCW
      • 4 yrs ago

      DynamicNotSlow 

      Disabling DNS (except for nextdns.io) wouldn't stop every possible attack, but it would stop a lot of things simply because most software is configured to use host names instead of hard-coded IP addresses. The ability to quickly lock down your DNS would go a long way in mitigating potential damage. 
