Skip to main content

User Manual

Internet safety with NextDNS

The NextDNS service protects against access to unwanted content, blocks malware, and ensures privacy at the DNS level. It automatically filters traffic and encrypts DNS requests. A special feature is the parental control function, which allows you to control children's access to certain resources on the internet. The so-called child filter is supported, with safe searching and filtering of adult content (websites for adults, with violence, piracy, etc.). The service allows you to create so-called Denylists and Allowlists of domain names. You can directly blacklist specific sites and games or, conversely, unblock individual addresses.

Enable NextDNS content filter on the router in your home network, and it will automatically filter content on all computers and mobile devices at once. It is also possible to set up filtering separately for each local network host.

Enabling NextDNS in the router

To use the content filter, you must install the NextDNS system component in the router. You can do this on the General System Settings page in the KeeneticOS Update and Component Options section by clicking on Component options.

NextDNS-01-en.png

The NextDNS service setting will then be available in the router's web interface on the Internet Safety page.

On the Content Filter tab, select NextDNS in the Filter mode field.

To use the internet filter, you need to create an account on the NextDNS site.

If you already have an account, click Log in under NextDNS Account and log in.

NextDNS-02-en.png
Setting up a profile in the NextDNS configuration panel

To use the internet filter, you must first create an account on the NextDNS website.

NextDNS-03-en.png

Once an account has been created, a My First Configuration profile will be automatically created in the configuration panel (personal account of NextDNS).

NextDNS-04-en.png

In the Parental Controls tab under Websites, Apps & Games you can deny access to specific websites, apps and games in the suggested list, or under Categories you can deny access to an entire category of content.

NextDNS-05-en.png
NextDNS-06-en.png
NextDNS-07-en.png

In our example, the Minecraft website and app and the Social Networks category are enabled:

NextDNS-08-en.png

In the Denylist tab, you can create a blocklist by adding individual domains to it. In our example, we added a ban on the TikTok website:

NextDNS-09-en.png

In the Allowlist tab, you can use the list of domains to exclude some sites that fall by default into some previously blocked categories. In our example, the category Social Networks was previously disabled, and access to the Facebook website falls into this category, but by using the Allowlist, you can add a domain and access to it will be allowed:

NextDNS-10-en.png

After making the necessary settings in the NextDNS configuration panel in the My First Configuration profile, go to the router settings.

Assigning a NextDNS profile to the local network devices in the router

On the Internet Safety page under the Content Filter tab, you can assign the configured NextDNS profile either to a specific LAN segment or to individual registered devices.

Under Default Content Filtering Profiles, specify the pre-configured profile for the desired network segment. In our example, My First Profile is selected for the Home network segment:

NextDNS-11-en.png

Under Assignment of Content Filtering Profiles to Registered Clients, each registered device can be given an individual profile. For example:

NextDNS-12-en.png

If you want to disable (or not use) Internet filter for a specific LAN device, create a 'No filtering' profile in the DNS settings and assign it to the client. For more information, see 'Creating a DNS profile without filtering'.

Important

When NextDNS is enabled, DNS over HTTPS protocol support is automatically used to protect DNS requests from interception and provide additional privacy. You can verify this through the router's command line interface (CLI) by running the commands show nextdns availability and nextdns check-availability:

(config)> show nextdns availability        
available: yes            
port: 53       
doh-supported: yes       
doh-available: yes

(config)> nextdns check-availability
NextDns::Client: NextDNS DNS-over-HTTPS is available.

For more information, see 'DoT and DoH proxy servers for DNS requests encryption'.