NextDNS IP Address Ranges / Subnets


I've set up NextDNS with a couple of phones & computers and my home network (OPNsense) and am lovin' it.

I'd like to, now, block access to any other DNS servers on the edge firewall. To do that, I'll allow traffic out explicitly to the NextDNS servers then block access on 53 & 853 to anywhere else.

However, I've tried doing this by allowing out to the 2 IP address listed on my NextDNS settings and blocking anything else but when I do this devices can't resolve any more.

When I check the logs the devices configured to use NextDNS are trying to get to many other IP addresses.

Is there, somewhere documented, a list of all NextDNS IP address subnets?

4 replies

    • R_P_M
    • 3 mths ago
    • Reported - view

    The main subnets are & for IPv4. I’ll have to check back for the IPv6 ones, bit too long to remember it in full. 

      • wistful
      • 3 mths ago
      • Reported - view

      Thanks, I'm getting blocks to the following IPs (possibly more):

      It looks like that belongs to NextDNS too. Perhaps there are more subnets that need to be whitelisted?

      • R_P_M
      • 3 mths ago
      • Reported - view

       Those particular IPs are for the local PoP NextDNS partners. They are usually just single IPs rather than subnets. The best way to find the IPs is to do a dns lookup for “dns.nextdns.io”, it should return two IPs of the ultra low servers. They might change in the future so you may have to check every now and then. 

      • Idig
      • 2 wk ago
      • Reported - view

        thanks so much 

Content aside

  • 2 wk agoLast active
  • 4Replies
  • 964Views
  • 4 Following