Install NextDNS
The new firewall for the modern Internet. NextDNS protects you from all kinds of security threats, blocks ads and trackers on websites and in apps and provides a safe and supervised Internet for kids — on all devices and on all networks.
You can sign up for a free account with a limited quota of network queries(300,000 queries/month)
Can only use one DNS security protocol at a time (DoH or DoT)
Unbound configurations forward-zone:
forward-addr: 45.90.28.0#xxxxxx.dns1.nextdns.io
forward-addr: 2a07:a8c0::#xxxxxx.dns1.nextdns.io
forward-addr: 45.90.30.0#xxxxxx.dns2.nextdns.io
forward-addr: 2a07:a8c1::#xxxxxx.dns2.nextdns.io
xxxxxx is NextDNS account ID
sh -c "$(curl -sL https://nextdns.io/install)"
select no for:
- Setup as a router
- Enable caching
- Automatically setup local host DNS
Open NextdDNS configuration file and replace port 53(using by Unbound) to 5335:
sudo nano /etc/nextdns.conf
control /var/run/nextdns.sock
cache-max-age 0s
detect-captive-portals false
hardened-privacy false
auto-activate true
listen localhost:5335
listen ip6-localhost:5335
forwarder mycompany.com.=https://dns.nextdns.io/XXXXX ## optional
forwarder mycompany2.com.=https://dns.nextdns.io/XXXXX ## optional
cache-size 100MB
discovery-dns
timeout 5s
max-ttl 10s
mdns all
use-hosts true
setup-router false
config XXXXX ## your ID account in NEXT-DNS
log-queries false
report-client-info true
bogus-priv true
max-inflight-requests 256
Add to AdGuard servers:
127.0.0.1@5335
::1@5335
Commands:
nextdns install
or
nextdns start
systemctl status nextdns.service
for see log
nextdns log
for see cache-key
nextdns cache-keys
With DNScrypt-proxy : Discussion#37