
Add mechanism to disable unencrypted DNS queries

NextDNS can accept unencrypted queries on port 53. For security reasons, it would be useful to be able to block all such queries.

4 replies

    • in_addr_arpa
    • 13 days ago

    One can do this with their own firewall by (1) blocking any traffic outbound on tcp/53 and udp/53, and then (2) pointing all clients inside their network to a local nextdns-cli install running as a daemon and available on their local network.

      • silent
      • 3 days ago

      The issue is that not all devices support doing that.

    • silent
    • 3 days ago

    What about also forcing all connections to use encrypted DNS, so that if something is required for an app to function, the connections are not blocked and are instead put through the secure routing?

    • silent
    • 2 days ago

    You could maybe do this with a more advanced router that is using NextDNS. For things like iOS devices, iCloud Private Relay is also an option, but I think it only works for the Safari browser.

    On Windows devices, combining the NextDNS app and manual DNS configuration is more effective than either one by itself.

    For Apple devices, the config profile method is very effective, but PLEASE be careful with configuration profiles; they are VERY powerful and can be dangerous if you are not careful with them.
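
The firewall approach from the first reply, together with the "redirect instead of block" idea raised later in the thread, as an added nftables example that is not part of any poster's message. It assumes a Linux router with nftables (NAT in the `inet` family needs kernel 5.2 or later), a hypothetical LAN interface named `lan0`, and nextdns-cli listening on port 53 of the router itself and forwarding upstream over encrypted DNS.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumptions (not from the thread):
#   - "lan0" is a placeholder for the router's LAN-facing interface
#   - nextdns-cli runs on this router and listens on port 53

define LAN_IF = "lan0"

table inet dns_lockdown {
    # Clients with a hard-coded resolver: rewrite their plain DNS so it
    # lands on the local nextdns-cli listener instead of being dropped.
    # The client keeps working and the query leaves the network encrypted.
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname $LAN_IF udp dport 53 counter redirect to :53
        iifname $LAN_IF tcp dport 53 counter redirect to :53
    }

    # Strict block from the first reply: nothing from the LAN may be
    # forwarded out on tcp/53 or udp/53. With the redirect above loaded,
    # this is a safety net; on its own it is the plain "block" variant.
    chain forward {
        type filter hook forward priority filter; policy accept;
        iifname $LAN_IF udp dport 53 counter reject
        iifname $LAN_IF tcp dport 53 counter reject with tcp reset
    }
}
```

The `counter` statements make `nft list table inet dns_lockdown` show how many plain-DNS packets each rule caught, which helps identify devices that ignore the resolver handed out by DHCP.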
