[HN Gopher] NextDNS API
       ___________________________________________________________________
        
       NextDNS API
        
       Author : andrewinardeer
       Score  : 115 points
       Date   : 2022-06-16 12:57 UTC (10 hours ago)
        
 (HTM) web link (nextdns.github.io)
 (TXT) w3m dump (nextdns.github.io)
        
       | politelemon wrote:
       | This was one of the most requested features ever since launch.
       | Glad to see it happen.
       | 
       | The documentation seems to be missing instructions on how to
       | obtain an API key.
        
         | k0stas wrote:
         | I was just trying out the API and noticed the same thing. I
         | found the API key near the bottom on my
         | https://my.nextdns.io/account page.
        
       | hiram112 wrote:
       | I've been using this service on my dev laptop, tablet, and phone
       | for a few years now. It works well, and every time I turn it off,
       | I immediately notice a huge difference as it blocks so much
       | garbage that brings my phone's browser, especially, to a crawl.
       | 
       | I have never paid a cent for it. I still don't understand how
       | they can make money... unless I'm actually the product being sold
       | (which I was always under the impression that they didn't sell or
       | share user data). Who knows.
        
         | pstadler wrote:
         | My devices in my home network (2 adults, 1 small kid) did
         | around 1M queries in the past 30 days. Close to 70k were
         | blocked. Using this service has a huge positive impact, but can
         | be a bit on the aggressive side depending on your settings.
         | I've added a dozen domains to the allowlist during the past
         | two years. Happily paying for it.
        
           | Melatonic wrote:
           | Yea I have had to do a lot of allowlist customizing but I
           | also am doing a pretty aggressive set of filters and options.
           | I also have a second profile that does much, much less and
           | have family on that one.
        
         | andrewaylett wrote:
         | I suspect the free tier falls (at least in some sense) under
         | "marketing" rather than being expected to return a direct
         | profit. It's enough to be useful, but (I assume) little enough
         | that enough people subscribe.
         | 
         | For comparison, my account has roughly 3.5M queries over the
         | past 30 days, and 298k of those are to a single domain :P.
        
         | infecto wrote:
         | I pay for it, the cap of 300k queries a month on the free tier
         | was far too little for a household of two. Depends on what type
         | of devices are running on your network of course but I hit
         | 845,809 queries for the last 30 days.
         | 
         | I assume a number of people are paying for it. Easier than
         | running a pihole locally.
        
           | Quarrel wrote:
           | I pay for it too.
           | 
           | The 300k is super easy to hit in a house with a few devices
           | in it.
        
           | Fritsdehacker wrote:
           | Same here. And it is not expensive.
        
           | haswell wrote:
           | Just recently started using NextDNS, and yeah, I hit those
           | 300K pretty quickly.
           | 
           | I noticed that some apps/devices would continue querying
           | pretty aggressively after being blocked, and this seemed to
           | eat through the available queries pretty quickly.
           | 
           | But $20/year is such a great deal IMO it was an insta-buy for
           | me.
        
       | throw0101a wrote:
       | If anyone wants a generic utility for interfacing with various
       | DNS APIs, see _lexicon_ :
       | 
       | * https://github.com/AnalogJ/lexicon
       | 
       | For CLI and Python.
       | 
       | Such a utility is handy if you want to use the _dns-01_ method
       | for ACME/Let's Encrypt via DNS aliasing:
       | 
       | * https://dan.langille.org/2019/02/01/acme-domain-alias-mode/
       | 
       | * https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mo...
       | 
       | * https://news.ycombinator.com/item?id=28256326 (2020)
       | 
       | Deep dive on how ACME DNS validation works:
       | 
       | * https://www.eff.org/deeplinks/2018/02/technical-deep-dive-se...
       | 
       | Some folks have also written 'minimalist' DNS servers for DNS
       | validation (delegate to a sub-domain that you control if your
       | provider does not have an API):
       | 
       | * https://github.com/joohoi/acme-dns
        
         | remram wrote:
         | It seems that lexicon is handy to use dns-01 _instead of DNS
         | aliasing_.
         | 
         | If you do aliasing, you can serve the DNS challenge from the
         | server you want and that you fully control. You don't need to
         | interface with your registrar, you just add an NS record once
         | (manually).
         | 
         | You need lexicon if you want to serve the challenge from your
         | registrar instead, and lexicon is the tool that will allow you
         | to talk to many registrars.
        
         | haswell wrote:
         | These are all great resources, but a bit off topic, no?
         | 
         | NextDNS is essentially Pi-hole-as-a-service, and its APIs are
         | not focused on managing DNS in the traditional sense. Instead,
         | they provide visibility into NextDNS's lookup/block analytics,
         | managing settings, etc.
        
         | newman314 wrote:
         | There are also the following:
         | 
         | * dnscontrol - https://stackexchange.github.io/dnscontrol/
         | 
         | * octodns - https://github.com/octodns/octodns
        
         | melony wrote:
         | What are some use cases for this sort of libraries?
        
       | quyleanh wrote:
       | Already posted on HN
       | 
       | https://news.ycombinator.com/item?id=31579149
        
         | [deleted]
        
       | teekert wrote:
       | Sorry I'm lazy, but can I use this to get valid certs for
       | services on my lan :) ?
        
         | buro9 wrote:
         | Via DNS?
        
         | cassianoleal wrote:
         | NextDNS is not a DNS hosting service - it's a DNS server you
         | can use for queries, like OpenDNS, or Cloudflare's 1.1.1.1,
         | etc.
         | 
         | What you're looking for is a DNS hosting service with an API
         | that can be used from an ACME client. I use LuaDNS for that,
         | their service is excellent and you can store your zone files in
         | git (and auto-update DNS with a webhook on push).
        
       | seaghost wrote:
       | I still can't believe you can't change profiles based on
       | different WiFi networks, i.e. home or work.
        
         | firloop wrote:
         | I'm planning on building this sort of functionality with the
         | iOS Shortcuts and the NextDNS API. Very excited about this.
        
       | 0JzW wrote:
       | do you have any context for this? why is this API interesting?
        
         | iampims wrote:
         | 1. It's new. You had to make those changes manually before
         | 
         | 2. You can now automate a lot of things. Example: block
         | twitter/fb/social media after 9pm for everyone.
        
           | operator-name wrote:
           | Your second example would be subject to TTLs right?
        
             | vladvasiliu wrote:
             | Sure, but I'd expect those to be short enough to not matter
             | for this purpose. The cutoff may happen at 9:05 instead of 9
             | sharp, which is close enough.
             | 
             |     drill facebook.com @8.8.8.8
             |     ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 34092
             |     ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
             |     ;; QUESTION SECTION:
             |     ;; facebook.com. IN A
             |     ;; ANSWER SECTION:
             |     facebook.com. 300 IN A 157.240.21.35
        
       | blaydator wrote:
       | I would love to disable filtering for a limited time (eg when
       | opening a TechCrunch article which doesn't load with nextDns
       | enabled), but the api doesn't seem to provide a way to achieve
       | this. So I need to open the app and disable NextDns, then I
       | forget to re-enable it.
        
       | Melatonic wrote:
       | Hell YEAH
       | 
       | Now can we just get an easy way in the GUI to import/export our
       | custom blocklists / allow lists ? And bulk adding/removing things
       | to both would be nice as well through the GUI.
        
       | todsacerdoti wrote:
       | We just added the ability to automate DNS management with NextDNS
       | using Pipedream - https://pipedream.com/apps/nextdns/
        
       | superchink wrote:
       | It might be cool to use this API to temporarily unblock a domain
       | in use by the current site. Might require a browser extension,
       | but is it possible?
        
         | hamandcheese wrote:
         | They specifically call out adding domains to the deny list as
         | an example:
         | 
         | > ...or add a domain to the Denylist by POST'ing at:
         | https://api.nextdns.io/profiles/:profile/denylist
         | 
         | So I assume the same can be done for allowlists.
        
           | haswell wrote:
           | I recently started using NextDNS, and it's great, but was
           | thinking about exactly this use case as I went to my allow-
           | list yet again to add a domain so I could use some app/site,
           | I forget which.
           | 
           | NextDNS is great, but occasionally breaks things depending on
           | the blocklists enabled, so I was toying with the idea of
           | building a utility that would show the last n blocked domains
           | with an easy option to click-to-add a specific domain to the
           | allow-list.
           | 
           | As far as I can tell, the API has what's needed.
        
       ___________________________________________________________________
       (page generated 2022-06-16 23:01 UTC)