m/NextDNS-Config
1
0
Fork 0
mirror of https://github.com/yokoffing/NextDNS-Config.git synced 2025-11-16 15:13:45 -05:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
yokoffing
2022-07-26 14:56:54 -04:00
committed by GitHub
parent 9b9e870048
commit ee67ec17df
1 changed files with 28 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
README.md
View File

@@ -1,7 +1,7 @@
***
# Guidelines :bookmark:
1) Must pass the [girlfriend test](https://www.urbandictionary.com/define.php?term=Grandma%20Test) with few exceptions. These deviations are documented throughout the guide.
2) Prevent overblocking by utilizing the [law of diminishing returns](https://pmctraining.com/site/wp-content/uploads/2018/04/Law-of-Diminishing-Returns-CHART.png) (e.g., using overly aggressive [blocklists](https://github.com/yokoffing/NextDNS-Config#blocklists-1), restricting too many [TLDs](https://github.com/yokoffing/NextDNS-Config#block-top-level-domains-tlds-1-2-3-4), etc.).
1) Be slightly stricter than only passing the [girlfriend test](https://www.urbandictionary.com/define.php?term=Grandma%20Test). These deviations are documented throughout the guide.
2) Prevent overblocking by utilizing the [law of diminishing returns](https://pmctraining.com/site/wp-content/uploads/2018/04/Law-of-Diminishing-Returns-CHART.png) (e.g., using quality but [sane](https://www.privacyguides.org/basics/threat-modeling/) [blocklists](https://github.com/yokoffing/NextDNS-Config#blocklists-1), allowing most [TLDs](https://github.com/yokoffing/NextDNS-Config#block-top-level-domains-tlds-1-2-3-4), etc.).
***
@@ -23,15 +23,15 @@
### Domain Generation Algorithms (DGAs) Protection
![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Enable DGA Protection
### Block Newly Registered Domains (NRDs) <sup><sup>[1](https://www.malwarebytes.com/glossary/phishing) [2](https://old.reddit.com/r/uBlockOrigin/comments/w64sqt/comment/ihboutk/?context=3) [3](https://www.boldgrid.com/instagram-influencer-accounts-are-being-hacked-phishing-attacks/) </sup></sup>
![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Block Newly Registered Domains (NRDs) → :radioactive: *Enabling may cause breakage*
<br>
<br>:warning: Blocking NRDs will cause false positives [occasionally](https://old.reddit.com/r/InternetIsBeautiful/comments/w2wdro/comment/iguvg8y/?context=3). Be selective when adding NRDs to your allowlist; and, when you do this, **NEVER** give [sensitive information](https://www.egnyte.com/guides/governance/sensitive-information) to a NRD. If you would rather [set-and-forget](https://glosbe.com/en/en/set-and-forget) your configuration, disable this setting.
:warning: Blocking NRDs will cause false positives [occasionally](https://old.reddit.com/r/InternetIsBeautiful/comments/w2wdro/comment/iguvg8y/?context=3). Be selective when adding NRDs to your allowlist; and, when you do this, **NEVER** give [sensitive information](https://www.egnyte.com/guides/governance/sensitive-information) to a NRD. *If you would rather [set-and-forget](https://glosbe.com/en/en/set-and-forget) your configuration, disable this setting.*
<br><br>![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Block Newly Registered Domains (NRDs)
### Block Dynamic DNS Hostnames <sup><sup>[1](https://github.com/nextdns/metadata/blob/master/security/ddns/suffixes) [2](https://twitter.com/NextDNS/status/1541740963760144386?cxt=HHwWhIC8iZ7PruUqAAAA) [3](https://www.phishing.org/what-is-phishing) </sup></sup>
![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Enable Block Dynamic DNS Hostnames
### Block Parked Domains <sup><sup>[1](https://github.com/nextdns/metadata/blob/master/security/parked-domains-cname)</sup></sup>
![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Block Parked Domains
### Block Top-Level Domains (TLDs) <sup><sup>[1](https://www.gomyitguy.com/blog-news-updates/malicious-domain-extensions) [2](https://www.spamhaus.org/statistics/tlds/) [3](https://thrivemyway.com/info-websites/) [4](https://www.bleepingcomputer.com/news/security/verified-twitter-accounts-hacked-to-send-fake-suspension-notices/)</sup></sup>
:radioactive: *Enabling may cause breakage*
:warning: *If you plan to [set-and-forget](https://glosbe.com/en/en/set-and-forget) your configuration, skip this setting.*
```
.work
@@ -58,26 +58,26 @@
# Privacy :lock:
### Blocklists <sup><sup>[1](https://github.com/nextdns/metadata/tree/master/privacy/blocklists)</sup></sup>
NextDNS Ads & Trackers Blocklist
oisd
1Hosts (Pro)
Here's a compliation of popular blocklists available in NextDNS:
- **Balanced:** no breakage; [set-and-forget](https://glosbe.com/en/en/set-and-forget); doesn't interfere with user experience
- **Strict:** minimal breakage; prioritizes privacy over user experience; you may allowlist occasionally
- **Aggressive:** excessive breakage; may be used on a separate profile to [lockdown isolated devices](https://old.reddit.com/r/nextdns/comments/uqap3n/comment/i8q8alf/?context=3)
- **Strict:** minimal breakage; prioritizes privacy over user experience; allowlist occasionally
- **Aggressive:** excessive breakage; use on a separate profile to [lockdown isolated devices](https://old.reddit.com/r/nextdns/comments/uqap3n/comment/i8q8alf/?context=3)
| Balanced | Strict | Aggressive |
|:---------------------------------: |:------------------------------: |:----------------------------------------: |
| 1Hosts (Lite) | 1Hosts (Pro) | 1Hosts (Xtra) |
| oisd | Lightswitch05 - Ads & Tracking | Energized Ultimate |
| notracking | Lightswitch05 - Tracking Aggressive | Goodbye Ads |
| NextDNS Ads & Trackers Blocklist | Lightswitch05 - Tracking Aggressive | Goodbye Ads |
| notracking | | |
| NoTrack Tracker Blocklist | | |
| AdGuard DNS filter | | |
#### Highly Recommended:
1) [NextDNS Ads & Trackers Blocklist](https://github.com/nextdns/metadata/blob/master/privacy/blocklists/nextdns-recommended.json)
2) [oisd](https://raw.githubusercontent.com/sjhgvr/oisd/main/dblw_full.txt) <sup>[1](https://oisd.nl/includedlists/full) [2](https://oisd.nl/excludes.php?excludedfrom=allincluded) </sup>
3) [1Hosts (Pro)](https://o0.pages.dev/Xtra/wildcards.txt) <sup>[1](https://github.com/badmojr/1Hosts/blob/master/-data/lists/assets.txt)</sup>
### Native Tracking Protection <sup><sup>[1](https://github.com/nextdns/metadata/tree/master/privacy/native)</sup></sup>
:radioactive: *Enabling may cause breakage (unlikely)*
Add these brands according to what devices you use. There's no advantage in adding brands you don't own; however, theres no disadvantage in adding unused brands either.
@@ -94,17 +94,16 @@ Add these brands according to what devices you use. There's no advantage in addi
![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Block Disguised Third-Party Trackers
### Allow Affiliate & Tracking Links <sup><sup>[1](https://github.com/nextdns/metadata/blob/master/privacy/affiliate-tracking-domains) [2](https://twitter.com/NextDNS/status/1539229377560461312) </sup></sup>
![Disabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/disabled.svg) Allow Affiliate & Tracking Links → :radioactive: *Disabling may cause breakage*
<br>
<br> :warning: If you would rather [set-and-forget](https://glosbe.com/en/en/set-and-forget) your configuration, enable this setting.
:warning: *If you plan to [set-and-forget](https://glosbe.com/en/en/set-and-forget) your configuration, enable this setting.*
<br><br>![Disabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/disabled.svg) Allow Affiliate & Tracking Links
***
# Parental Control:older_man:
# Parental Control :family:
### YouTube Restricted Mode
![Disabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/disabled.svg) Enforce YouTube Restricted Mode → :radioactive: *Enabling may cause breakage*
![Disabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/disabled.svg) Enforce YouTube Restricted Mode
### Block Bypass Methods <sup><sup>[1](https://github.com/nextdns/metadata/tree/master/parentalcontrol)</sup></sup>
![Disabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/disabled.svg) Block Bypass Methods → :radioactive: *Enabling may cause breakage*
![Disabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/disabled.svg) Block Bypass Methods
***
@@ -158,7 +157,7 @@ Add these brands according to what devices you use. There's no advantage in addi
![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Enable Block Page → :radioactive: *Enabling may cause breakage if the [NextDNS Root CA](https://help.nextdns.io/t/g9hmv0a/how-to-install-and-trust-nextdns-root-ca) is not on your devices*
### Anonymized EDNS Client Subnet <sup><sup>[1](https://help.nextdns.io/t/m1hmv04/what-is-edns-client-subnet-ecs) </sup></sup>
![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Enable Anonymized EDNS Client Subnet
### Cache Boost
### Cache Boost <sup><sup>[1](https://old.reddit.com/r/nextdns/comments/girmcf/new_setting_cache_boost/)</sup></sup>
![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Enable Cache Boost
### CNAME Flattening <sup><sup>[1](https://medium.com/nextdns/nextdns-added-cname-uncloaking-support-becomes-the-first-cross-platform-solution-to-the-problem-e3f437f84342) [2](https://developers.cloudflare.com/dns/additional-options/cname-flattening) [3](https://advancedweb.hu/what-is-cname-flattening-and-how-it-helps-redirecting-the-apex-domain/) </sup></sup>
![Enabled](https://raw.githubusercontent.com/crssi/NextDNS-Config/main/icons/enabled.svg) Enable CNAME Flattening