Encrypt all the things!

  • We have Okta and I use Authy with it so yeah, it should work just fine with Google Auth.

  • I use Aegis with Okta... works fine.

  • What's the difference between using NextDNS installed on my router versus just plugging in the NextDNS server IP addresses?

    I currently use two PiHoles (with captive DNS using DNAT / masquerade), but uptime / redundancy / failover is not great, and it's a pain to troubleshoot.

  • Cheers both. My work just encourages us to go with whatever is easiest for them; if I just followed their instructions I'd have half a dozen different 2FA apps installed.

    @TW on my router (unifi security gateway) having NextDNS installed means that requests are identified by device when you look at the logs on the website. Makes it much easier to see what is requesting what.

  • I think lastpass has been hacked again

  • You'd need to use a dynamic DNS to keep NextDNS updated with what your IP is... otherwise your configuration won't be applied.

  • I only use other 2FA apps if there really is no other option.

  • I used to be able to see what device was making requests, when I was using an EdgeRouter.

    I recently migrated to a Dream Machine Pro, which, while making most things a lot easier, has made configuring captive DNS & DNAT a lot more opaque, as there is no GUI for it. Configuring iptables over SSH is just fiddly. I also can't seem to use both PiHoles any more.

    I'll have a go with installing NextDNS when nobody needs the network for work.

  • Luckily, even though I theoretically have a dynamic IP allocated, it's only changed once in the past 5 years.

    I could set up a cron job on the UDM to notify me if the IP changes.

  • have a go with installing NextDNS when nobody needs the network for work.

    I also have a UDM and use NextDNS, so any reports on how you get on would be very useful.

  • As I use Home Assistant, I just used the dynamic DNS pinger that they have.

    But there are also plugins for my NAS that could do it.

    It's not much more than a cron with permission to call an API against a DNS service and set the IP of a domain.
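    The "cron with permission to call an API" pattern, written out as an added example (not code from the thread or from any poster) with the two checks a practitioner wants: never push a garbage or private address, and keep the update token out of the crontab line. The file paths, environment variable names and the IP-lookup service are assumptions; the update URL is whatever your DNS service gives you.

```python
"""Cron-driven public-IP watcher: re-check the WAN address and call a DNS
service's HTTP update URL only when it has actually changed.

Added example, not code from the thread. Paths, environment variable names and
the IP-lookup service are assumptions; replace them with your own.
"""
import ipaddress
import os
import pathlib
import sys
import urllib.error
import urllib.request
from typing import Optional

STATE_FILE = pathlib.Path(os.environ.get("DDNS_STATE", "/var/tmp/public-ip.last"))
# The update URL normally embeds a secret token, so it lives in a root-only file
# rather than on the crontab line, where `ps` and cron's mail would expose it.
UPDATE_URL_FILE = pathlib.Path(os.environ.get("DDNS_URL_FILE", "/etc/ddns/update-url"))
IP_LOOKUP = os.environ.get("DDNS_LOOKUP", "https://api.ipify.org")  # assumption


def valid_public_ipv4(text: str) -> bool:
    """True only for a syntactically valid, globally routable IPv4 address.

    A captive portal or a broken lookup service can answer with an HTML page,
    an empty body, or a LAN/CGNAT address; none of those must reach the DNS
    service or the state file."""
    try:
        addr = ipaddress.IPv4Address(text.strip())
    except ValueError:
        return False
    return addr.is_global  # rejects 10/8, 172.16/12, 192.168/16, 100.64/10, loopback, etc.


def ip_changed(last: Optional[str], now: str) -> bool:
    """Only an actual change triggers an update; providers rate-limit no-op updates."""
    return last != now


def url_file_mode_ok(mode: int) -> bool:
    """The token file must not be group- or world-readable."""
    return (mode & 0o077) == 0


def load_update_url(path: pathlib.Path = UPDATE_URL_FILE) -> str:
    mode = path.stat().st_mode
    if not url_file_mode_ok(mode):
        raise PermissionError(
            f"{path} is mode {oct(mode & 0o777)}; it holds the update token and must be 0600")
    return path.read_text(encoding="ascii").strip()


def fetch_public_ip(url: str = IP_LOOKUP) -> str:
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read(64).decode("ascii", "replace").strip()  # a real address is <= 15 bytes


def run() -> int:
    now = fetch_public_ip()
    if not valid_public_ipv4(now):
        print(f"ddns: lookup returned {now!r}, not a public IPv4 address; not updating",
              file=sys.stderr)
        return 1
    last = STATE_FILE.read_text().strip() if STATE_FILE.exists() else None
    if not ip_changed(last, now):
        return 0
    print(f"ddns: public IP changed from {last or 'none'} to {now}", file=sys.stderr)
    try:
        with urllib.request.urlopen(load_update_url(), timeout=10):
            pass
    except urllib.error.URLError as e:
        print(f"ddns: update call failed ({e}); keeping old state", file=sys.stderr)
        return 1
    STATE_FILE.write_text(now + "\n")  # record only after the provider accepted the change
    return 0


if __name__ == "__main__":  # e.g. crontab: */5 * * * * /usr/bin/python3 /usr/local/bin/ddns_check.py
    sys.exit(run())
```

    Because the state file is only written after a successful update call, a transient failure is simply retried on the next cron run rather than silently forgotten.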

  • I am finally wanting to get something up and running for my house. I googled / reddited and read a bit, but trust the forum > elsewhere. Why nextDNS and not quad9? Because we don’t know/trust who backs quad9?

  • You can control and configure things more with NextDNS. That and debug things faster when you accidentally block something you wanted to let through.

    Those are features enough to compel me.

    This stuff is all an inconvenience... So fixing it when it goes wrong has to be super easy.

  • Cool thank you!

  • Hey @Velocio maybe you could offer some wisdom for setting up nextdns.io. I had it working on Android by changing the Private DNS hostname option but this morning I'm just getting the error "Private DNS server cannot be accessed".

    What setup option would you recommend for a home network with an Android phone, an iphone & ipad and a MacBook?

  • Hey @Velocio maybe you could offer some wisdom for setting up nextdns.io. I had it working on Android by changing the Private DNS hostname option but this morning I'm just getting the error "Private DNS server cannot be accessed".

    My Android: Settings > Network and Internet > Private DNS is set to Android-12345a.dns.nextdns.io where 12345a is your account identifier, and Android- is a prefix that means all logs and analytics in NextDNS will identify that the DNS request came from Android.

    That's it... and it works.

    When doesn't it work? Or... when does it say "Private DNS server cannot be accessed"?

    Occasionally this happens; typically it's either a very poor signal somewhere, where in effect the internet cannot be accessed, but it's these initial DNS calls that time out, so it misreports the root cause.

    Or it's a captive hotspot, a public WiFi, with a very restrictive firewall configuration. And until you have got past their login screen the firewall is preventing all other connections. So again... the root cause is misreported. If I must use this hotspot I disable the private DNS momentarily, log in, and then re-enable it.
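    Android's Private DNS setting is DNS-over-TLS to port 853, and its single error message hides which step failed. The following is an added example (not code from the thread or from any poster) that runs those steps one at a time: TCP connect, TLS handshake with certificate and hostname validation, then a real query, so a blocked port, an intercepting hotspot, and a resolver that answers with an error each report differently. The resolver hostname follows the device-prefix pattern quoted above with the same placeholder profile id; put your own hostname there.

```python
"""DNS-over-TLS probe that does what Android's Private DNS does, step by step,
so "Private DNS server cannot be accessed" can be split into its real causes.

Added example, not code from the thread. The resolver hostname follows the
<device>-<profile>.dns.nextdns.io pattern quoted in the thread, with the
thread's placeholder profile id; replace it with your own hostname.
"""
import socket
import ssl
import struct

RESOLVER = "Android-12345a.dns.nextdns.io"  # assumption: your profile hostname
DOT_PORT = 853                               # DNS-over-TLS (RFC 7858)


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Wire-format query: 12-byte header (RD=1, one question), QNAME, QTYPE, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def _skip_name(msg: bytes, off: int) -> int:
    """Step over an owner name; a 0xC0xx compression pointer is two bytes and ends the name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def parse_a_records(msg: bytes) -> tuple:
    """Return (RCODE, [IPv4 strings]) from a response; other record types are skipped."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    rcode = flags & 0x000F
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return rcode, addrs


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the connection mid-message")
        buf += chunk
    return buf


def probe(resolver: str = RESOLVER, name: str = "example.com", timeout: float = 5.0) -> str:
    """Run the three stages separately and report which one failed."""
    try:
        raw = socket.create_connection((resolver, DOT_PORT), timeout=timeout)
    except socket.gaierror as e:
        # The resolver's own name is looked up over the network's plain DNS first;
        # behind a captive portal that lookup is usually what fails.
        return f"stage 1: cannot resolve {resolver} ({e})"
    except OSError as e:
        return f"stage 1: TCP connect to {resolver}:{DOT_PORT} failed ({e}); port 853 is blocked"
    ctx = ssl.create_default_context()  # validates chain and hostname, like strict Private DNS
    try:
        tls = ctx.wrap_socket(raw, server_hostname=resolver)
    except OSError as e:  # ssl.SSLError and timeouts are both OSError subclasses
        raw.close()
        return f"stage 2: TLS handshake with {resolver} failed ({e}); something on the path intercepts 853"
    with tls:
        query = build_query(name)
        tls.sendall(struct.pack("!H", len(query)) + query)  # RFC 7858: 2-byte length prefix
        (length,) = struct.unpack("!H", _recv_exact(tls, 2))
        rcode, addrs = parse_a_records(_recv_exact(tls, length))
    if rcode != 0:
        return f"stage 3: {resolver} answered {name} with RCODE {rcode}"
    return f"ok: {name} -> {addrs} via {resolver}"


if __name__ == "__main__":
    print(probe())
```

    A stage 1 failure on a hotspot is the captive-portal case described above; a stage 2 failure on your own home network with strong signal points at something between the phone and the resolver tampering with port 853, which is worth checking on the router before changing anything on the phone.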

  • if I must use this hotspot I disable the private DNS momentarily, login, and then re-enable

    Talking about this, I have a feeling that some public hotspots (the tube is the main one I can bring to mind) disable nextdns and VPNs completely. Is this a thing or am I imagining it?

  • My Android: Settings > Network and Internet > Private DNS is set to Android-12345a.dns.nextdns.io where 12345a is your account identifier, and Android- is a prefix that means all logs and analytics in NextDNS will identify that the DNS request came from Android.

    Thanks, but when I do this I just don't get an internet connection and get the Private DNS server cannot be accessed message.

    If I switch the Private DNS setting off, then it connects fine.

    No hotspot or VPN and this is just at home with strong signal.

    I'm using a standard NOW TV router, maybe something that I need to do there?


    [Attachment: Screenshot_20220912-162021.png]
  • I do exactly the same as Velocio. Maybe double check you've entered the settings correctly. You can generate another profile on your NextDNS account to test another set of settings. Try it on wifi as well as phone network and if neither work it must be something in your settings.

  • No luck, same issue with another nextdns profile.

    When it comes to DHCP or static IP, which option are you using?

    I found a post discussing this problem, but I'm not understanding the suggested solution.

    https://help.nextdns.io/t/h7hll0w/private-dns-server-cannot-be-accessed

  • I think that solution and chat about DHCP or static IP is in relation to accessing stuff on a local network, not the internet generally.

    You've followed the instructions (whilst logged in to nextdns) under Android on the website I assume? What about if you use the app?

  • Damn that took a long time but now it works! Had to specify a reserved IP address for a device on the LAN for my Pixel 6a. Then in Android's network settings changed to that static IP address. Now when I set up as @Velocio / the setup guide describes it works fine.

    The router being used as a DHCP Server was causing the problem I think?

  • That doesn't make a lot of sense to me... But if it works I'm glad 😁

  • Wrong thread, meant to be the IoT thread...

  • I have no idea but it's the setting that seems to make it work. If on Android I go to network details and change the IP settings back to DHCP, I lose the connection and get that 'private DNS server cannot be accessed' message; switch it back to "static" and it's all good 🤷

Posted by @Velocio