
Authorize mechanism for connecting to Configuration ID

Good to have an authorize mechanism for connecting to NextDNS Configuration ID.

This will give more control on who is connecting and if it is authorized to connect to my ID.

I mean if somehow my Configuration ID gets leaked, copied or for whatever reason, I'll be having another factor to control that connection to my ID. Saw this function in OpenDNS and would love if NextDNS will also implement it.
    

  • What do you suggest, like an application secret that you can use in your setup, like mobile, router, etc. that you can also revoke?

    • Henk van Achterberg More like on NextDNS portal itself. There should be a section where all clients are listed who are forwarding DNS queries to Configuration ID and an "Authorize" & "Deauthorize" button in front of each client. By this function, one can deauth pre-registered clients also if required, as well as new ones who are trying to connect to Configuration ID. So a normal flow would be like -

      1. User registers to NextDNS and a dynamic Config ID gets assigned to it.

      2. User will now set NextDNS Config ID on his/her router, browser, apps etc.

      3. At this point NextDNS will not respond to any DNS queries. To allow, the respective Config ID admin will log in to the portal, see the connecting devices page or section, and confirm that this is a legitimate device forwarding queries to his/her ID.

      4. Authorize or Deauth based on legitimate connection and setup is complete. NextDNS is now accepting and responding to DNS queries only from authorized clients.

      Maybe in addition to above, can have a blacklist kind of option also. If Config ID gets leaked, it might happen that even after Deauth that rogue client is continuously trying to connect so maybe to mitigate this a blacklist option to permanently block the connection.
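
The authorize/deauthorize flow from the steps above, together with the blocklist option, modelled as an added example (not part of the original post and not NextDNS code). The `ConfigGate` class, its method names and the client identifiers are hypothetical, and what actually identifies a client is left open, as it is in the thread.

```python
from collections import Counter
from enum import Enum


class State(Enum):
    PENDING = "pending"        # seen, waiting for the admin's decision
    AUTHORIZED = "authorized"  # queries are answered
    BLOCKED = "blocked"        # permanently refused, hidden from the pending list


class ConfigGate:
    """Hypothetical default-deny gate for one configuration ID."""

    def __init__(self):
        self.clients = {}         # client identifier -> State
        self.refused = Counter()  # refused queries per client, for the portal view

    def handle_query(self, client_id):
        """Return True if the resolver should answer this client (steps 3 and 4)."""
        state = self.clients.setdefault(client_id, State.PENDING)
        if state is not State.AUTHORIZED:
            self.refused[client_id] += 1
            return False
        return True

    def authorize(self, client_id):
        if self.clients.get(client_id) is State.BLOCKED:
            raise PermissionError("client is on the blocklist")
        self.clients[client_id] = State.AUTHORIZED

    def deauthorize(self, client_id):
        # Back to pending: a client that keeps querying shows up in the list again.
        if self.clients.get(client_id) is State.AUTHORIZED:
            self.clients[client_id] = State.PENDING

    def block(self, client_id):
        self.clients[client_id] = State.BLOCKED

    def pending(self):
        """Clients the admin still has to decide on."""
        return sorted(c for c, s in self.clients.items() if s is State.PENDING)


if __name__ == "__main__":
    gate = ConfigGate()
    # Constructed identifiers; the thread leaves open what identifies a client.
    print(gate.handle_query("router-home"), gate.pending())
    gate.authorize("router-home")
    print(gate.handle_query("router-home"))
```

The difference between deauthorizing and blocking shows in `pending()`: a deauthorized client that keeps querying reappears for review, while a blocked one is refused without returning to the list.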

      • Rob
      • iOS Developer
      • 2 mths ago

      Johnny Since-1985 What is used to identify devices? Probably the MAC address, which is easy to spoof…

      But a setup like this would indeed prevent accidental connections (other people making a typo in their config ID resulting in your config ID).

      • Martheen
      • 2 mths ago

      Rob But... the MAC address isn't visible outside the router, so there isn't really a MAC address to use

  • Rob Public IP, or could use a unique identifier which will get created by the respective NextDNS clients.

    Typo can happen with anything. This can be highlighted in setup guide. Or maybe before authorization (Step 3 above), rather than restricting DNS response, it can be allowed but without any customized filtering applied.

    I don't know if it is ok to post here but here's how OpenDNS works in this case. Maybe this will give more idea. Refer to the 'Adding Network' section -

    https://support.opendns.com/hc/en-us/articles/227988127-Getting-started-About-using-OpenDNS

      • Rob
      • iOS Developer
      • 2 mths ago

      Johnny Since-1985 Maybe I misunderstand that page, but it seems about proving that your home network is currently using a certain IP address. It’s not for mobile devices on a cellular network? Would be a major pain, since you’ll most likely get a random IP address every time you connect.

    • Rob OpenDNS has an IP updater app for almost all platforms which updates the public IP whenever it changes so that custom policies keep getting enforced.

      Maybe this requires a change in business logic, which developers at NextDNS know better. But I think this feature is worth giving a try. Right now there are no restrictions on controlling who can connect to my Config ID. We must have something to fill this gap.
