Anyone setup NextDNS?

Started by g0nz0uk, November 25, 2021, 05:21:55 PM

November 25, 2021, 05:21:55 PM Last Edit: November 25, 2021, 06:07:48 PM by g0nz0uk
Hello,

I had my OPNsense firewall at home running nicely until we had a power cut and the M2 drive failed. I replaced this and installed the latest OPNsense and restored my config and was back online in no time really.
The only thing I can't remember how I got working is my NextDNS.

A rebuild would have lost my local changes. In my notes I have these, below. Are they still the valid way to get this working again?

Created a file called nextdns.conf in /var/unbound/etc

server:
  tls-cert-bundle: /etc/ssl/cert.pem
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 45.90.28.0#e6f5fx.dns1.nextdns.io
  forward-addr: 2a07:a8c0::#e6f5fx.dns1.nextdns.io
  forward-addr: 45.90.30.0#e6f5fx.dns2.nextdns.io
  forward-addr: 2a07:a8c1::#e6f5fx.dns2.nextdns.io

Make sure the file owner is unbound and same rights as other files.

chown unbound nextdns.conf
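
An added example, not part of the original post and not OPNsense or NextDNS code: a small Python check that a forward-zone file like the one above keeps DNS over TLS authenticated, by confirming a CA bundle is set, TLS to the upstream is enabled, and every forward-addr carries the `#name` Unbound matches against the server certificate. The parser is a simplified assumption (one option per line, no trailing comments), and the sample input is constructed from the post's config with one `#name` removed.

```python
# Added example: audit an Unbound forward-zone for authenticated DNS over TLS.
# Constructed sample: the post's config, with one forward-addr stripped of its '#name'.
SAMPLE = """\
server:
  tls-cert-bundle: /etc/ssl/cert.pem
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 45.90.28.0#e6f5fx.dns1.nextdns.io
  forward-addr: 2a07:a8c0::#e6f5fx.dns1.nextdns.io
  forward-addr: 45.90.30.0
"""

def parse(text):
    """Split unbound.conf-style text into server options and forward-zones."""
    server, zones, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")  # first colon only, so IPv6 values survive
        key, value = key.strip(), value.strip()
        if not value:                         # a clause header such as "server:"
            current = server if key == "server" else None
            if key == "forward-zone":
                current = {"addrs": []}
                zones.append(current)
        elif current is not None and key == "forward-addr":
            current.setdefault("addrs", []).append(value.strip('"'))
        elif current is not None:
            current[key] = value.strip('"')
    return server, zones

def audit(text):
    """Return findings that leave forwarded queries unencrypted or unauthenticated."""
    server, zones = parse(text)
    findings = []
    if not server.get("tls-cert-bundle"):
        findings.append("server: no tls-cert-bundle to verify upstream certificates against")
    for zone in zones:
        name = zone.get("name", "?")
        if "yes" not in (zone.get("forward-tls-upstream"), server.get("tls-upstream")):
            findings.append(f"zone {name}: TLS to upstream is not enabled")
        for addr in zone["addrs"]:
            ip, _, auth_name = addr.partition("#")
            if not auth_name:
                findings.append(f"zone {name}: {ip} has no #name, certificate name is not checked")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```
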


Huh, why not add the servers to Services: Unbound DNS: DNS over TLS and be done with it? :)


Cheers,
Franco

Because the GUI doesn't allow entry in the format required to identify the NextDNS configuration profile, which is <next.dns.ip>#<next_dns_profile_id>.dnsX.nextdns.io, such as "45.90.28.0#e6f5fx.dns1.nextdns.io" in the above example.


Best regards,
Maciek

The ability to do that custom DNS over TLS configuration via the GUI was added last year with the hostname field. I have been using it since it was added and have had no issues with NextDNS. Just set the hostname to <client identifier>-<next_dns_profile_id>.dnsX.nextdns.io.

You are right. I tried following the NextDNS instructions and overlooked the additional fields in the OPNsense GUI. Sorry for the confusion.

Best regards,
Maciej