yokoffing / nextdns-config Goto Github PK
View Code? Open in Web Editor NEWSetup guide for NextDNS, a DoH proxy with advanced capabilities.
License: GNU General Public License v3.0
Setup guide for NextDNS, a DoH proxy with advanced capabilities.
License: GNU General Public License v3.0
Came across this really useful extension NX Enhanced, thought you should add it in your config since adds really nice features like:
All of the apple domains recommended in the denylist section are included in either NextDNS' built in apple tracking protection, or Hagezi.
You can verify it for yourself by trying to access the domains and viewing the NextDNS log.
The only one which doesn't seem to by blocked is feedbackws.fe.apple-dns.net
I also checked the recommended Twitter and Nvidia domains, those are indeed not blocked by Hagezi.
Disabling Native Tracking Protection for brands which manufacture IoT and connected/"smart" devices and appliances, could prevent confining them, and sometimes even discovering them via their mobile apps.
For example, when trying to update the changed home WiFi settings for Amazon Echo device, I could not access its configuration page in Alexa mobile app on iPhone even after connecting the iPhone to the speaker's own default WiFi which it emits in a set-up mode.
I disabled Native Tracking Protection for Amazon in my NextDNS profile for iPhone, and was able to have this speaker be "discovered" in the app and access its config page.
It could scan and discover my new home WiFi, I entered the password for it, but the speaker was not able to finish the set up for for a new WiFi. Only when I disabled Native Tracking Protection for Amazon in the NextDNS profile for my router, the procedure could be completed.
Then I re-enabled blocking (Native Tracking Protection) for Amazon and the Echo speaker kept working fine, including all interaction between it and Alexa mobile app.
So this is a warning, that at least during discovery/configuration of IoT and connected/"smart" devices, you might need to disable Native Tracking Protection for their manufacturer brand.
hi,
thank you for this easy-to-follow guide
I'm not nitpicking, just tying to understand, if I use 'HaGeZi ultimate' list, then, do I still need to use 'HaGeZi Normal' and 'HaGeZi pro+' as suggested in the guide...
in short, does HaGeZi Ultimate cover all of HaGeZi's lists combined
thanks
Hi @yokoffing
Please consider replace oisd to notracking blocklist.
notracking does not have any major false positives.
oisd after several months using it is for me too liberal with whitelisting
Also developer does not ping Original Maintainers about whitelists issue.
NoTracking have solid base with small amount false positives (if any).
Alongside with 1Hosts (Mini) and small custom whitelists NextDNS works like a charm.
Please note: oisd does not have included Steven Black hosts originals and denied adding them.
I used following whitelists (against some apps issues)
adocean.pl
c.msn.com
cdn-settings.appsflyersdk.com
click.redditmail.com
crashlyticsreports-pa.googleapis.com
google-analytics.com
googleads.g.doubleclick.net
googletagmanager.com
gvt1.com
gvt2.com
gvt3.com
insideruser.microsoft.com
launches.appsflyer.com
media-lab.ai
mybbc-analytics.files.bbci.co.uk
oaprodlogging.yo-digital.com
sdk-02.moengage.com
self.events.data.microsoft.com
stats.g.doubleclick.net
b-graph.facebook.com is needed for Facebook mobile login.
Due to the very hight amount of blocklist dead in NEXTDNS (I do not know why they don't rotate those list)
a warning can be useful for those who follow (check the last time update and number of rule) some are not updated (because dead) and some are empty 0 rules.
Hi, thank you for your excellent guide. I'd like to ask your opinion about using OISD alone vs. OISD + 1Host (lite) as you suggested in Balanced. Please check the argumentation of one reddit user here, who thinks OISD alone is preferred: https://www.reddit.com/r/nextdns/comments/uxl2jm/using_oisd_with_other_blocklists/
I appreciate if you would share your thoughts about this with us and give guidance. Thank you.
Hey, my wifi seems to be restricting the use of nextDNS. No website is loading as long as I'm connected to nextDNS. It worked normally for a few days, up till this point. Can you please help?
All recommended lists (and alternate) include the cryptojacking list in NextDNS's built in cryptojacking protection. (with additional false positives removed).
So my question is why advise people to enable it? One of the lists are not maintained often and hagezi has stripped some false positives out of it.
The answer to this is misleading. Encrypted DNS does prevent ISP from seeing web searches in a url as well as browsing. Sure, they can see you connect to AWS, but not not what devices made the request, what site on AWS is accessed, etc. without DPI. Is it a VPN? No, but it goes a long way to protecting privacy.
Thanks for your work.
Hi,
first of all thx for the guideline and efforts in that category.
I do have some questions concerning the guideline:
I'm thinking about having as less as possible activated, so that NextDNS doesn't get slow... Or does it not matter concerning speed of NextDNS?
It would be interesting to see a similar guide for ControlD DNS. It is more complex than NextDNS, but it is the closest alternative that exists.
Hi, these domains are blocked by hagezi Ultimate but are needed for Xbox Achievements. I think these would be a great addition to the "allowlist" section.
v10.events.data.microsoft.com
v20.events.data.microsoft.com
If this is true, maybe it should be included? Are there other issues with Private Relay that are relevant?
https://www.reddit.com/r/nextdns/comments/zy16jp/comment/j23lryk/
Yet another example that the block page should be banned from NextDNS:
https://help.nextdns.io/t/g9yxqcd/nextdns-blocking-hoyolab
@rs @romaincointepas please disable it.
Should be updated.
is there a way to add Cloudflare DNS or is it already in it? i did a https://one.one.one.one/help/ test https://one.one.one.one/help/#eyJpc0NmIjoiTm8iLCJpc0RvdCI6Ik5vIiwiaXNEb2giOiJObyIsInJlc29sdmVySXAtMS4xLjEuMSI6IlllcyIsInJlc29sdmVySXAtMS4wLjAuMSI6IlllcyIsInJlc29sdmVySXAtMjYwNjo0NzAwOjQ3MDA6OjExMTEiOiJZZXMiLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMDAxIjoiWWVzIiwiZGF0YWNlbnRlckxvY2F0aW9uIjoiS1VMIiwiaXNXYXJwIjoiTm8iLCJpc3BOYW1lIjoiR2lnYWJpdCBIb3N0aW5nIFNkbiBCaGQiLCJpc3BBc24iOiI1NTcyMCJ9 but the results shows no
Line 18 in a22ddf4
EnergizedProtection/block#971
EnergizedProtection/block#972
EnergizedProtection/block#973
EnergizedProtection/block#974
EnergizedProtection/block#975
EnergizedProtection/block#976
EnergizedProtection/block#977
nextdns/metadata#1145
nextdns/metadata#1148
https://help.nextdns.io/t/83hsb6l/energized-ultimate-have-0-entries
https://help.nextdns.io/t/m1hs207/energized-ultimate-lists-blocking-nextdns
https://help.nextdns.io/t/q6hs204/nextdns-io-addresses-added-to-a-blocklist-internet-goes-down
please remove Energized Ultimate from your Aggressive Blocklists
When i used this configuration my yt music app not working
How can i fix?
Amazon Australia gets blocked by various blocklists, including Hagezi. See hagezi/dns-blocklists#2073
Just came across this little tool.
Hope you find it useful :)
windows high contrast theme dark black . makes the toggle buttons show as all black with just a border line .
there's no way to tell if the buttons are on or off .
in the allowlist page the button are like but i can tell if on/off , because when its off the text/url become shadowed/grayed .
if u make the settings page like this too it can be usable .
maybe 1Hosts (Xtra) should be removed?
there are too much false positives:github.com/badmojr/1Hosts/issues?q=xtra
Originally posted by @bestplayerbot in #26 (comment)
Under Block Page, Microsoft Teams is mispelled.
Currently spelled Micorosft Teams.
Apparently, Github/Markdown no longer converts footnotes when using headings.
We should remove some links and convert others.
First of all, Happy New Year and thank you for this helpful guide!
Cheers!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.