yokoffing / nextdns-config Goto Github PK

Hi,

first of all thx for the guideline and efforts in that category.

I do have some questions concerning the guideline:

• AI-Driven Threat Detection: As it's still Beta, why enable (cannot find any explanation for this part)?
• Google Safe Browsing: nearly every browser does have it enabled (why not disable it within NextDNS?)
• Cryptojacking Protection: isn't it already integrated within blocklists?
• IDN Homograph Attacks Protection: I would be careful with german "Umlaute" websites
• Block Dynamic DNS Hostnames: What if you use own DDNS services?

I'm thinking about having as less as possible activated, so that NextDNS doesn't get slow... Or does it not matter concerning speed of NextDNS?

Hey, my wifi seems to be restricting the use of nextDNS. No website is loading as long as I'm connected to nextDNS. It worked normally for a few days, up till this point. Can you please help?

It would be interesting to see a similar guide for ControlD DNS. It is more complex than NextDNS, but it is the closest alternative that exists.

Hi, these domains are blocked by hagezi Ultimate but are needed for Xbox Achievements. I think these would be a great addition to the "allowlist" section.

v10.events.data.microsoft.com
v20.events.data.microsoft.com

All of the apple domains recommended in the denylist section are included in either NextDNS' built in apple tracking protection, or Hagezi.
You can verify it for yourself by trying to access the domains and viewing the NextDNS log.

The only one which doesn't seem to by blocked is feedbackws.fe.apple-dns.net

I also checked the recommended Twitter and Nvidia domains, those are indeed not blocked by Hagezi.

First of all, Happy New Year and thank you for this helpful guide!

1. How do you manage the use of multiple browsers on the iPhone? If I use Orion for my daily browsing, then Safari would no longer be used?
2. As adblock for Safari is AdGuard better than 1Blocker or Ghostery for iOS? How do you configure AdGuard if one already has protection with some lists through NextDNS? (Will the free version be enough?)

Cheers!

is there a way to add Cloudflare DNS or is it already in it? i did a https://one.one.one.one/help/ test https://one.one.one.one/help/#eyJpc0NmIjoiTm8iLCJpc0RvdCI6Ik5vIiwiaXNEb2giOiJObyIsInJlc29sdmVySXAtMS4xLjEuMSI6IlllcyIsInJlc29sdmVySXAtMS4wLjAuMSI6IlllcyIsInJlc29sdmVySXAtMjYwNjo0NzAwOjQ3MDA6OjExMTEiOiJZZXMiLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMDAxIjoiWWVzIiwiZGF0YWNlbnRlckxvY2F0aW9uIjoiS1VMIiwiaXNXYXJwIjoiTm8iLCJpc3BOYW1lIjoiR2lnYWJpdCBIb3N0aW5nIFNkbiBCaGQiLCJpc3BBc24iOiI1NTcyMCJ9 but the results shows no

windows high contrast theme dark black . makes the toggle buttons show as all black with just a border line .
there's no way to tell if the buttons are on or off .
in the allowlist page the button are like but i can tell if on/off , because when its off the text/url become shadowed/grayed .
if u make the settings page like this too it can be usable .

If this is true, maybe it should be included? Are there other issues with Private Relay that are relevant?

https://www.reddit.com/r/nextdns/comments/zy16jp/comment/j23lryk/

Due to the very hight amount of blocklist dead in NEXTDNS (I do not know why they don't rotate those list)

a warning can be useful for those who follow (check the last time update and number of rule) some are not updated (because dead) and some are empty 0 rules.

b-graph.facebook.com is needed for Facebook mobile login.

EnergizedProtection/block#971
EnergizedProtection/block#972
EnergizedProtection/block#973
EnergizedProtection/block#974
EnergizedProtection/block#975
EnergizedProtection/block#976
EnergizedProtection/block#977
nextdns/metadata#1145
nextdns/metadata#1148
https://help.nextdns.io/t/83hsb6l/energized-ultimate-have-0-entries
https://help.nextdns.io/t/m1hs207/energized-ultimate-lists-blocking-nextdns
https://help.nextdns.io/t/q6hs204/nextdns-io-addresses-added-to-a-blocklist-internet-goes-down
please remove Energized Ultimate from your Aggressive Blocklists

Hi, thank you for your excellent guide. I'd like to ask your opinion about using OISD alone vs. OISD + 1Host (lite) as you suggested in Balanced. Please check the argumentation of one reddit user here, who thinks OISD alone is preferred: https://www.reddit.com/r/nextdns/comments/uxl2jm/using_oisd_with_other_blocklists/
I appreciate if you would share your thoughts about this with us and give guidance. Thank you.

Under Block Page, Microsoft Teams is mispelled.

Currently spelled Micorosft Teams.

Disabling Native Tracking Protection for brands which manufacture IoT and connected/"smart" devices and appliances, could prevent confining them, and sometimes even discovering them via their mobile apps.

For example, when trying to update the changed home WiFi settings for Amazon Echo device, I could not access its configuration page in Alexa mobile app on iPhone even after connecting the iPhone to the speaker's own default WiFi which it emits in a set-up mode.

I disabled Native Tracking Protection for Amazon in my NextDNS profile for iPhone, and was able to have this speaker be "discovered" in the app and access its config page.
It could scan and discover my new home WiFi, I entered the password for it, but the speaker was not able to finish the set up for for a new WiFi. Only when I disabled Native Tracking Protection for Amazon in the NextDNS profile for my router, the procedure could be completed.

Then I re-enabled blocking (Native Tracking Protection) for Amazon and the Echo speaker kept working fine, including all interaction between it and Alexa mobile app.

So this is a warning, that at least during discovery/configuration of IoT and connected/"smart" devices, you might need to disable Native Tracking Protection for their manufacturer brand.

Amazon Australia gets blocked by various blocklists, including Hagezi. See hagezi/dns-blocklists#2073

Just came across this little tool.
Hope you find it useful :)

https://github.com/mahtd/nextdns-stats

Hi @yokoffing

Please consider replace oisd to notracking blocklist.
notracking does not have any major false positives.
oisd after several months using it is for me too liberal with whitelisting
Also developer does not ping Original Maintainers about whitelists issue.
NoTracking have solid base with small amount false positives (if any).
Alongside with 1Hosts (Mini) and small custom whitelists NextDNS works like a charm.
Please note: oisd does not have included Steven Black hosts originals and denied adding them.

I used following whitelists (against some apps issues)

adocean.pl
c.msn.com
cdn-settings.appsflyersdk.com
click.redditmail.com
crashlyticsreports-pa.googleapis.com
google-analytics.com
googleads.g.doubleclick.net
googletagmanager.com
gvt1.com
gvt2.com
gvt3.com
insideruser.microsoft.com
launches.appsflyer.com
media-lab.ai
mybbc-analytics.files.bbci.co.uk
oaprodlogging.yo-digital.com
sdk-02.moengage.com
self.events.data.microsoft.com
stats.g.doubleclick.net

https://github.com/notracking/hosts-blocklists

When i used this configuration my yt music app not working
How can i fix?

The answer to this is misleading. Encrypted DNS does prevent ISP from seeing web searches in a url as well as browsing. Sure, they can see you connect to AWS, but not not what devices made the request, what site on AWS is accessed, etc. without DPI. Is it a VPN? No, but it goes a long way to protecting privacy.

Thanks for your work.

Should be updated.

All recommended lists (and alternate) include the cryptojacking list in NextDNS's built in cryptojacking protection. (with additional false positives removed).

So my question is why advise people to enable it? One of the lists are not maintained often and hagezi has stripped some false positives out of it.

hi,

thank you for this easy-to-follow guide

I'm not nitpicking, just tying to understand, if I use 'HaGeZi ultimate' list, then, do I still need to use 'HaGeZi Normal' and 'HaGeZi pro+' as suggested in the guide...

in short, does HaGeZi Ultimate cover all of HaGeZi's lists combined

thanks

maybe 1Hosts (Xtra) should be removed?
there are too much false positives: github.com/badmojr/1Hosts/issues?q=xtra

Originally posted by @bestplayerbot in #26 (comment)

Apparently, Github/Markdown no longer converts footnotes when using headings.

We should remove some links and convert others.

Yet another example that the block page should be banned from NextDNS:
https://help.nextdns.io/t/g9yxqcd/nextdns-blocking-hoyolab

@rs @romaincointepas please disable it.

Came across this really useful extension NX Enhanced, thought you should add it in your config since adds really nice features like:

• Allow/Deny buttons in the logs
• Refine a search with multiple search terms or exclusion terms
• Ability to export/import all settings from/to a config
• Option to show only queries from unnamed devices
• Collapse the list of blocklists enabled
• Sort alphabetically the list of blocklists & more..