
Blockpage redirect

Hi, 

In order to have a custom blockpage (so we don't need to install a root cert), is it possible to make a static DNS entry in our local DNS server for blockpage.nextdns.io that points to our own blockpage? Would that work?

5 replies

    • NextDNs
    • 3 mths ago

    You would have to create and manage your own root CA and host an HTTPS server capable of creating certs for blocked domains signed by your CA on the fly. Basically do part of our work yourself, and it is not the easiest :)

    • Eric.9
    • 3 mths ago

    @NextDNS should do what ControlD has done -- create a "branded" block page that doesn't require a certificate.

      • NextDNs
      • 3 mths ago

      You always need a custom root CA to support blockpages over HTTPS. Custom root CAs are difficult to install, unsafe and widely misunderstood, and make the blockpage feature a not-so-great idea for most people.

      • Eric.9
      • 3 mths ago

      I agree, and I'm currently using a certificate for DNSFilter.  However, I was just testing ControlD's blockpage (the branded one) and it displayed WITHOUT a certificate being installed on both my MacBook Air and my iPhone.  NextDNS should look into this.

      I prefer NextDNS, and I hope NextDNS will continue development of new features.  Unfortunately, it appears it's become stagnant and could learn a few things by looking at its competitors to add what they are doing.

      • NextDNs
      • 3 mths ago

      It only works on plain HTTP without a CA, same as ours. There is absolutely no way around distributing a blockpage over HTTPS without using a root CA.

      They say it too: https://docs.controld.com/docs/blocked-query-response#branded-block-page
